Research

Introduction At ProjectDiscovery, our focus is on enhancing our open-source solution, Nuclei, by incorporating templates for trending CVEs. Our collaborative efforts involve constant additions of templates by the open-source community, internal template and research team to stay updated on emerging exploits. One such notable case involves MOVEit Transfer, a widely

Introduction While testing request pipelining on multiple programming language built-in servers, we observed strange behavior with PHP’s. As we delved deeper, we discovered a security bug in PHP that could expose the source code of PHP files as if they were static files rather than executing them as intended.

Introduction As seen in Part 1: Abusing Reverse Proxies: Metadata, open proxies can allow an attacker to access cloud metadata API services. However, even without metadata services available, open proxies can be a boon for an attacker. A primer on open proxy types: * Forward: typical use case is allowing private

Introduction Many cloud service providers offer a "metadata" service on their virtual machines. These services offer sensitive details about the instance and cloud operating environment. Metadata services offer REST APIs to programmatically retrieve this data. Amazon’s AWS service defined the IMDSv1 “standard” on their EC2 instances, and