How We Found & Exploited a Layer 7 DoS Attack on FogBugz
Wed, 07 Feb 2018
This article examines how the specific application behaviour we reported finding in FogBugz early in July 2017 was manipulated to overload systems, leading to a DoS situation. Testing for this vulnerability involved checking HTTP status codes, response size and timing.

Exploiting SSTI and XSS in the CMS Made Simple Web Application
Fri, 10 Nov 2017
Our Security Researcher found a vulnerability in a URL parameter in the address bar of the browser. Read more about how he did it, and how he was able to exploit it to carry out a few harmless changes.