Hunting For Mass Assignment Vulnerabilities Using GitHub CodeSearch and grep.app

Hacked freeCodeCamp Certification

This post discusses the process of searching top GitHub projects for mass assignment vulnerabilities. This led to a fun finding in the #1 most starred GitHub project, freeCodeCamp, where I was able to acquire every coding certification – supposedly representing over 6000 hours of study – in a single request. Searching GitHub For Vulnerabilities With … Read more

Working with vendors to “fix” unfixable vulnerabilities: Netgear BR200/BR500

By Erik Cabetas In the summer of 2021 Joel St. John was hacking on some routers and printers on his IncludeSec research time. He reported security vulnerabilities to Netgear in their BR200 router line (branded as “Netgear Insight Managed Business Router”). During subsequent internal analysis by Netgear, they found that the BR500 line was also … Read more

Issues with Indefinite Trust in Bluetooth

At IncludeSec we of course love to hack things, but we also love to use our skills and insights into security issues to explore innovative solutions, develop tools, and share resources. In this post we share a summary of a recent paper that I published with fellow researchers in the ACM Conference on Security and … Read more

Customizing Semgrep Rules for Flask/Django and Other Popular Web Frameworks

We customize and use Semgrep a lot during our security assessments at IncludeSec because it helps us quickly locate potential areas of concern within large codebases. Static analysis tools (SAST) such as Semgrep are great for aiding our vulnerability hunting efforts and usually can be tied into Continuous Integration (CI) pipelines to help developers catch … Read more