appsec.fyi · Sources

bishopfox.com

9 curated AppSec resources from bishopfox.com across 10 topics on appsec.fyi.

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-06-08.

Fields per entry: Date Added · Year · Resource · Topics, followed by the excerpt.

2026-06-08 · 2026 · Detecting CVE-2026-0265 at Scale: PAN-OS CAS Authentication Bypass · Topics: AuthN, JWT
    CVE-2026-0265 allows unauthenticated attackers to bypass authentication in PAN-OS deployments using CAS by forging a JWT. This enables them to log in as any trusted user. Bishop Fox has developed a detection tool that identifies this vulnerability with a single anonymous request, providing a detailed explanation of the bug and remediation steps.

2026-06-08 · 2026 · Sparkplug B Protocol Fuzzing with AI Assistance · Topics: AI, Fuzzing
    Bishop Fox has developed a new, publicly available fuzzer for the Sparkplug B protocol, a critical component in ICS and SCADA systems. Previously, no such tool existed. The fuzzer was created using AI-assisted development and comprehensively covers all 9 message types, 19 data types, and over 87 field paths defined in the Sparkplug B specification. This innovation aims to enhance the security of industrial control systems by enabling thorough testing of the protocol.

2026-06-08 · 2026 · Looting UniFi Controllers: Detecting and Weaponizing CVE-2026-22557 · Topics: AuthZ, RCE
    A critical CVSS 10.0 path traversal vulnerability, CVE-2026-22557, affects UniFi Network Application. Unauthenticated attackers can exploit this flaw to read controller backups, thereby extracting sensitive credentials. This compromise allows attackers to gain complete control over all devices managed by the vulnerable UniFi controller. Bishop Fox has detailed the attack vectors, necessary prerequisites, and developed a tool to help users detect and assess their exposure to this severe vulnerability.

2026-06-08 · 2026 · Otto Support - Testing MCP Servers · Topics: AuthZ
    This post concludes the otto-support series by detailing how to test MCP servers, a new attack surface with familiar security fundamentals. Using tools like nmap, a Nuclei template, and MCP Inspector, researchers can discover, enumerate, and exploit an authorization gap. Notably, this process can be achieved without any interaction with an LLM.

2026-06-08 · 2026 · Popping Root on UniFi OS Server: Unauthenticated RCE Chain Detection & Analysis · Topics: AuthZ, RCE
    An unauthenticated attacker can exploit a three-part vulnerability chain in UniFi OS Server to achieve root access. This chain allows bypassing the authentication gateway, executing a command injection, and escalating privileges to root with a single request. Bishop Fox has analyzed and confirmed this end-to-end attack, detailing its mechanics, potential impact, and safe detection methods.

2026-04-16 · 2026 · Power Up Pen Tests: Create Burp Suite Extensions with Montoya API · Topics: Burp
    Library for developing Burp Suite extensions using the Montoya API, streamlining tasks like authentication handling, API data mining, and UI visualization. This API, introduced in Burp Suite 2022.9.5, offers improved object-oriented design, WebSocket support, and simplified HTTP message manipulation compared to the older extender API, enabling developers to create more robust and flexible tools like the example "BurpCage" extension that replaces images with Nicolas Cage photos.

2026-04-11 · 2026 · Swagger Jacker: Auditing OpenAPI Definition Files · Topics: API Sec
    Tool for auditing OpenAPI definition files. Swagger Jacker automates the analysis of API routes defined in specification documents, identifying potential vulnerabilities like IDOR and SQL injection. It parses fields such as "Info" for API metadata and "security" for authentication mechanisms, then generates requests to test endpoint accessibility and authentication requirements, significantly reducing manual testing time for publicly exposed or unintentionally leaked definition files.

2026-04-10 · 2026 · Ruby Vulnerabilities: Exploiting Open, Send, and Deserialization · Topics: Deser
    Library for exploiting common Ruby-specific remote code execution vulnerabilities, including insecure use of the `open` function, malicious `send` or `public_send` calls, and binary deserialization gadget chains. It provides a walkthrough and a vulnerable Ruby on Rails application to demonstrate exploitation techniques found during an assessment.

2026-04-10 · 2026 · Arista Firewall XSS to RCE Chain · Topics: XSS
    Writeup detailing the exploitation chain of CVE-2025-6980, CVE-2025-6979 (an XSS vulnerability), and CVE-2025-6978 against Arista Next Generation Firewalls. This chain allows for remote code execution by combining an XSS vulnerability that steals administrator credentials with a command injection flaw that grants root privileges, a vulnerability the vendor's patch did not fully remediate. Disabling the captive portal is suggested as a mitigation alongside upgrading to the patched software version.