We're a team of highly skilled IT security professionals dedicated to tackling the most diverse and complex problems in the industry.
With a holistic mindset, we provide a wide range of offensive and defensive IT security services. From hacking your website, company or IoT device, to implementing security features in your app, we help you drive positive change in your organization.
We demonstrate how the popular "Ransack" library (Ruby on Rails) can be abused to exfiltrate sensitive data via character by character brute-force, allowing for a full application compromise in some cases. An internet wide search identifies several hundred potentially vulnerable applications.
We explore the security service urlscan.io and showcase through various "dorks" that their searchable scan database is a treasure trove of URLs pointing to sensitive user information, allowing account takeover, and much more. Part of the data has been leaked in an automated way by other security tools (SOARs) that accidentally made their scans public.
Using a still unpatched vulnerability in the PHP library dompdf (used for rendering PDFs from HTML), we achieved RCE on a web server with merely a reflected XSS vulnerability as entry point.
Or send an email to hi@positive.security