HackerTrans
トップ新着トレンドコメント過去質問紹介求人

redfr0g

no profile record

投稿

[untitled]

1 ポイント·投稿者 redfr0g·3 か月前·0 コメント

Breaking n8n's Expression Sandbox into RCE (CVE-2026-27577) with striga.ai

striga.ai
9 ポイント·投稿者 redfr0g·4 か月前·1 コメント

Why Cloudflare rule order matters?

brzozowski.io
66 ポイント·投稿者 redfr0g·4 か月前·13 コメント

One year with bug bounty automation

brzozowski.io
1 ポイント·投稿者 redfr0g·5 か月前·0 コメント

Show HN: Atri Reports – Automated security report writing with DOCX

github.com
2 ポイント·投稿者 redfr0g·昨年·0 コメント

コメント

redfr0g
·4 か月前·議論
How Striga uncovered a critical sandbox escape and unsanitized node name injection in n8n's expression engine, chaining them into full Remote Code Execution.
redfr0g
·4 か月前·議論
I think "as long as it was not a terminating action" is crucial here. The way how Cloudflare dashboard is designed right now may put you in false sense of security by implying that all rules will be evaluated one after another. In my opinion, they could do a better job UI-wise on highlighting, that a terminating action will result in skipping all subsequent rules.
redfr0g
·6 か月前·議論
Cybersecurity and research blog: https://www.brzozowski.io/