After checking Apache APISIX and Traefik, for path traversal in authZ context, now I will research Emissary ingress. In Emissary there is feature called Basic authentication, which is very similar to forward authentication discussed in Traefik.

In my previous post about Apache APISIX I have found path traversal in uri-blocker plugin. In this text I will focus on yet another ingress controller which is Traefik. It has feature called forward auth. At the end I will mention HAProxy ingress controller.

In this article I will present my research on insecure usage of $request_uri variable in Apache APISIX ingress controller. My work end up in submit of security vulnerability, which was positively confirmed and got CVE-2021-43557. At the end of article I will mention in short Skipper which I tested for same problem.

Lately I have come across task to perform security review of Azure subscription. It was white-box based and I had access to all terraform, Kubernetes and Docker files. I will share with you what checks are worth to do for such review.

This story will explain how to find and exploit SpEL parser in web applications based on Java language. What is SpEL ? From Spring documentation: The Spring Expression Language (SpEL for short) is a powerful expression language that supports querying and manipulating an object graph at runtime.

This is last part of my stories about exploiting service with SSRF bug. Part 1 is available here, and part 2 here. This part is focused on abusing Node.js and node-fetch library. I will try to “talk” with Redis service using CRLF injection in http parser.

In this story I will continue my journey to exploit Server Side Request Forgery (SSRF). Part 1 is available here. What is state of the game up to now?

In test of one application I have encountered bug in regex that leaded to Server Side Request Forgery (SSRF). Way of finding it was huge fun and excitement. It was also my first bug on production system ever.