Tag

vulnerability discovery


AntTech
Apr 13, 2023 · Databases

Sequence-Oriented DBMS Fuzzing with LEGO: A Novel Database Vulnerability Discovery Approach

The paper introduces LEGO, a sequence‑oriented DBMS fuzzing framework that leverages type‑affinity analysis to generate rich SQL statement sequences, achieving 44%‑198% higher coverage and uncovering numerous new vulnerabilities across MySQL, PostgreSQL, MariaDB, and Comdb2, as demonstrated at ICDE 2023.

ICDE 2023 · LEGO · SQL sequence
Laravel Tech Community
Mar 12, 2021 · Information Security

Exploiting a High‑Risk SSRF Vulnerability in a Financial Crowdsourcing Web Application

The article details a step‑by‑step penetration test of a seemingly empty financial web application, describing how hidden JavaScript files and a discovered /xxxapi/file/pdf/view endpoint were leveraged to craft an SSRF payload that accessed internal services such as Elasticsearch, illustrating practical web security exploitation techniques.

JavaScript analysis · SSRF · Web Security