Iain Wallace, Author at LRQA Nettitude Labs

CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated Remote Code Execution

Download PwnlyOffice GitHub: https://github.com/nettitude/pwnlyoffice Background About 18 months ago, I was conducting a pentest of a document management platform. It was designed with the goal of providing a secure document storage and sharing [...]

By Iain Wallace|2023-01-04T10:12:18+00:00December 14, 2022|

Cross Site Scripting (XSS) Payload Generator

This post will help you to evade some of those tricky cross site scripting restrictions with the help of a new tool I've pushed to our XSS Payloads repository. There are times during [...]

By Iain Wallace|2021-02-10T13:37:34+00:00July 29, 2019|

More XSS Shenanigans

In September, we released our XSS Payloads collection of scripts and they went down really well within the pen-testing community. There are lots of other fun things you can do to exploit cross site scripting [...]

By Iain Wallace|2021-02-10T13:44:50+00:00February 3, 2017|