XSS, SSRF and CF ATO
This blog post describes how, during a pentest, I discovered a seemingly harmless XSS and chained it with an SSRF, then with an insecure default in Caddy, to finally take over the Cloudflare account managing a company's DNS entries.