all xxe

Everything I’ve published, in one feed.

1 post across writeups, research, and technical deep-dives.

1 post
2026.02.07
Tags: 0day, SSRF, XXE

Enketo 6.2.1 - Auth-Bypass, SSRF, and XXE Browser Abuse to File Read

This article is the result of an OffenSkill Training. It discusses an unauthenticated arbitrary file read vulnerability found in Enketo, a web survey manager. The vulnerability, found during a white-box code review session, lets an unauthenticated attacker read any file on the server by chaining an authentication bypass, SSRF, XXE in an SVG file, and browser abuse.

10 min