Argo CD Privesc Example Walk Through

My Argo CD Privilege Escalations post describes some privilege escalation possibilities, if Argo CD projects are not configured securely. In this post I’ll show a complete walkthrough on abusing one of these possible misconfigurations.

Argo CD Privilege Escalations

Consider a multi-team GitOps setup with Argo CD: each team has its own repository that holds the team's Kubernetes YAML files, which Argo CD deploys to a shared cluster. Inside the cluster, teams are separated into their own namespaces, and Argo CD only deploys resources to the namespace that belongs to the given team.

Let's see how this setup can be misconfigured to allow deploying to other teams' namespaces or to the cluster level!

PayPay - pay with your phone

Japan is famous for its love of cash, and people are very reluctant to use anything else. The government even ran a 2-5% cashback program on most cashless payments in 2019-2020 to change this. Even after this, credit cards are often not accepted, especially at smaller shops or restaurants. On the other hand, Japan has a handful of barcode-based mobile payment solutions: PayPay, LinePay, auPay, RakutenPay, FamiPay, MerPay etc., out of which PayPay seems to be the most widely accepted (in my experience).

Promo photo of the PayPay app from https://paypay.ne.jp/

Coke ON - buy from vending machines with your phone

Japan is full of drink vending machines:

Vending machines in rural Tochigi

However, I don't like coins. The vending machines at the train stations usually accept Suica, but elsewhere they are mostly cash only. Or that's what I thought.

Meet Coke ON, the fun and reasonable (🤨) official Coca-Cola app, which lets you buy drinks from selected vending machines using your phone, paying with credit card, PayPay or LinePay. Moreover, you get a stamp for each purchase, and 15 stamps get you a free drink.

Open-redirect to XSS

Open redirects are generally treated as a low-risk issue because of their limited impact (more convincing phishing). However, in certain cases a simple open redirect vulnerability can lead to reflected XSS, which is what this post is about.

Redirecting in a browser can happen in two ways:

  1. The browser gets a 30x HTTP response code (e.g. 302 Found) with the destination of the redirect in the Location header
  2. The JavaScript running on a site does the redirect by e.g. window.location.href='https://example.com' or window.location.assign('https://example.com'); or window.location.replace('https://example.com');

If an open redirect vulnerability exists with the second type of redirect, it may also be exploitable as XSS via the javascript: pseudo-protocol, because assigning a javascript: URL to window.location executes the script in the page's origin instead of navigating. For example, the following JavaScript code will pop up an alert:

// Vulnerable pattern: the redirect target is taken from user input without
// checking its scheme, so a javascript: URL runs as script in this origin.
const url = "javascript:alert(document.domain)"; // coming from the user in real life
window.location.href = url;
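The usual fix is to validate the redirect target before it ever reaches window.location: parse it, allow only http(s), and restrict the destination host. The helper below is an added example written for this page, not code from the original post; the origins in ALLOWED_ORIGINS and the base URL https://app.example.com/ are constructed placeholders.

```javascript
// Added example (not from the original post): a safe redirect helper that
// rejects javascript:, data: and other non-http(s) targets before they are
// assigned to window.location, so an open redirect cannot become XSS.

// Allowed destination origins; the entries here are constructed for the example.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://accounts.example.com",
]);

// Returns the normalized absolute URL string if `candidate` is safe to
// redirect to, otherwise null. `base` stands in for the current page origin
// (a placeholder value in this example).
function safeRedirectTarget(candidate, base = "https://app.example.com/") {
  if (typeof candidate !== "string" || candidate.length === 0) return null;

  let parsed;
  try {
    // Relative paths such as "/dashboard" resolve against the current origin;
    // absolute and protocol-relative URLs ("//host/path") keep their own host.
    parsed = new URL(candidate, base);
  } catch {
    return null; // unparsable input is never a valid redirect target
  }

  // Scheme check: the URL parser lower-cases the scheme and strips leading
  // whitespace, so "JAVASCRIPT:" and " javascript:" are caught here too.
  if (parsed.protocol !== "https:" && parsed.protocol !== "http:") return null;

  // Host allowlist: blocks redirects to attacker-controlled domains.
  if (!ALLOWED_ORIGINS.has(parsed.origin)) return null;

  return parsed.href;
}

// Drop-in replacement for the vulnerable `window.location.href = url` pattern.
// Returns the location that was (or would be) navigated to.
function redirect(candidate) {
  const target = safeRedirectTarget(candidate);
  if (target === null) {
    // Fall back to a fixed landing page rather than reflecting the user input.
    return "/";
  }
  // Only touch window in a browser; the function stays testable outside one.
  if (typeof window !== "undefined") window.location.assign(target);
  return target;
}
```

Two details matter in practice: checking the parsed scheme rather than the raw string (prefix checks miss case variants and leading whitespace, which the URL parser normalizes), and validating the origin rather than the hostname substring, so that "//evil.example/path" or "https://app.example.com.evil.example/" are rejected as well.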

Demo
