cobalt.io
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-16.
| Date Added | Resource | Topic | Excerpt |
|---|---|---|---|
| 2026-04-16 | Bypassing the Protections: MFA Bypass Techniques | AuthN | Library detailing Multi-Factor Authentication bypass techniques, including HTTP response body manipulation, status code manipulation, forceful browsing, CSRF and clickjacking to disable MFA, cached OTPs in dynamic JavaScript, missing integrity checks on OTPs, lack of brute-force protection on OTP validation, OTP code reusability, and code leakage in responses. |
| 2026-04-11 | A Pentester's Guide to SSTI \| Cobalt | RCE, SSTI | Guide to Server-Side Template Injection (SSTI) detailing how attackers exploit template engines like Smarty, Twig, Velocity, Jinja, and Liquid to achieve remote code execution (RCE). It describes using polyglot payloads to detect vulnerabilities, identifying template engines through error messages, and leveraging available objects like `settings.SECRET_KEY` for exploitation. The guide also mentions Tplmap as an automated tool for SSTI exploitation and suggests input sanitization and sandboxing as remediation techniques. |
| 2026-04-11 | API Security 101: Mass Assignment and Exploitation in the Wild | API Sec | Guide to exploiting mass assignment vulnerabilities in APIs, covering their impact on privilege escalation and financial abuse. It details how mass assignment functions in frameworks like Ruby on Rails, NodeJS, Spring MVC, ASP.NET MVC, and PHP, and demonstrates exploitation techniques using examples and the crAPI demo lab. It also outlines remediation strategies such as disabling automatic property mapping and implementing read-only fields. |
| 2026-04-10 | Cobalt: OAuth Vulnerabilities Part 2 | AuthN | Writeup detailing common OAuth vulnerabilities, including CSRF attacks mitigated by state parameters, authorization code theft via malicious websites and insecure redirect URIs, and authentication bypass in implicit flows by manipulating POST requests. It also covers SSRF via OpenID dynamic client registration, highlighting insecure use of client data and bypass techniques for redirect URIs. |
| 2026-04-10 | CSRF & Bypasses - Cobalt | CSRF | Library exploring Cross-Site Request Forgery (CSRF) vulnerabilities, detailing attack flows, exploitation techniques against applications without defenses, and various bypass methods. It covers bypassing CSRF token validation by changing request methods or removing tokens, and other bypasses including Referer header manipulation, content type checks, session fixation, SameSite cookie attribute exploitation, and Laravel-specific token manipulation. |
| 2026-04-10 | The Anatomy of Deserialization Attacks | Deser | Reference detailing deserialization attack techniques across PHP, Python (using pickle), Node.js, Java, and .NET. It covers how vulnerabilities arise from processing untrusted serialized data, enabling attacks like Remote Code Execution (RCE), SQL injection, and path traversal through PHP magic methods (`__wakeup()`, `__destruct()`), Python's pickle module, and Java's ObjectInputStream. Detection tools like Ysoserial, Ysoserial.net, and various Burp plugins are mentioned, alongside remediation strategies focusing on using alternative data formats like JSON/XML and deserializing only signed data. |
| 2026-04-09 | From SSRF to Port Scanner | SSRF | Technique demonstrating SSRF exploitation for internal and external port scanning that bypasses firewalls. The method leverages differences in the web server's response to distinguish open from closed ports, uses Burp Intruder for efficient port enumeration, and discusses mitigation strategies like whitelisting DNS names, proper response handling, and request rate limiting. |
| 2026-04-03 | CSRF & Bypasses \| Cobalt | CSRF | Library detailing Cross-Site Request Forgery (CSRF) vulnerabilities and bypass techniques. It covers how CSRF attacks exploit authenticated users to perform unwanted actions, including exploitation via GET requests, IMG tags, and POST requests. Specific bypass methods discussed include altering request methods, removing CSRF token parameters, manipulating Referer headers, content type checks, and exploiting SameSite cookie attributes through client-side redirects. The resource also touches on bypassing CSRF protection in frameworks like Laravel and utilizing session fixation. |
| 2026-04-03 | Top 6 API Pentesting Tools \| Cobalt | API Sec | Library of top API penetration testing tools. Postman manages requests and can be proxied through tools like Burp Suite for in-depth analysis, vulnerability discovery via Repeater and Intruder, and automated scanning. Swagger aids testers by providing standardized API documentation, while SoapUI assists with SOAP-based APIs. GraphQL, a query language, presents unique challenges requiring schema understanding and targeted query crafting for vulnerabilities like DoS and authorization bypasses. ZAP, an OWASP DAST tool, offers proxying, scanning for vulnerabilities like XSS and SQL injection, and supports formats like JSON and XML, with add-ons for OpenAPI, GraphQL, and SOAP. |
| 2025-08-14 | A Pentester’s Guide to Server Side Request Forgery (SSRF) | SSRF | Cheatsheet detailing Server-Side Request Forgery (SSRF) techniques. It covers exploiting functionality that reads or submits data to URLs, enabling attackers to access internal resources like AWS metadata, MongoDB interfaces, or local files via protocols such as `file://`, `sftp://`, `dict://`, `tftp://`, `ldap://`, and `gopher://`. The guide also provides payloads for localhost access, XSS integration, iframe injection, and cloud-specific metadata endpoints for AWS, Google Cloud, and Azure. |