HackerTrans
TopNewTrendsCommentsPastAskShowJobs

redfr0g

no profile record

Submissions

[untitled]

1 points·by redfr0g·3 bulan yang lalu·0 comments

Breaking n8n's Expression Sandbox into RCE (CVE-2026-27577) with striga.ai

striga.ai
9 points·by redfr0g·4 bulan yang lalu·1 comments

Why Cloudflare rule order matters?

brzozowski.io
66 points·by redfr0g·4 bulan yang lalu·13 comments

One year with bug bounty automation

brzozowski.io
1 points·by redfr0g·5 bulan yang lalu·0 comments

Show HN: Atri Reports – Automated security report writing with DOCX

github.com
2 points·by redfr0g·tahun lalu·0 comments

LG WebOS 'Pwnage' – getting unauthenticated code execution on LG Signage TVs

brzozowski.io
5 points·by redfr0g·2 tahun yang lalu·1 comments

comments

redfr0g
·4 bulan yang lalu·discuss
How Striga uncovered a critical sandbox escape and unsanitized node name injection in n8n's expression engine, chaining them into full Remote Code Execution.
redfr0g
·4 bulan yang lalu·discuss
I think "as long as it was not a terminating action" is crucial here. The way how Cloudflare dashboard is designed right now may put you in false sense of security by implying that all rules will be evaluated one after another. In my opinion, they could do a better job UI-wise on highlighting, that a terminating action will result in skipping all subsequent rules.
redfr0g
·6 bulan yang lalu·discuss
Cybersecurity and research blog: https://www.brzozowski.io/
redfr0g
·2 tahun yang lalu·discuss
Blog post disclosing security research done on LG WebOS 'Signage' TVs.