Blog

Analysis and takeaways from our offensive engagements and vulnerability research.

Hacking Liferay: From XSS to RCE via CAPTCHA Bypass

AnchorSec’s research team investigate the Liferay application and find a Cross-Site Scripting vulnerability that leads to Remote Code Execution, via CAPTCHA bypass. This blog explains the vulnerability and how it was exploited.

Gareth C

Hidden Daemons: A Telnet mystery

AnchorSec’s founder, Gareth, develops a tool to help him find and verify Regular Expression Denial of Service (ReDoS) vulnerabilities in code. This blog explores the cause of this class of vulnerability, how to find ReDoS vulnerabilities and the implications for security. The blog also describes the development of a new tool to assist in finding these vulnerabilities, and the next steps for security testers.
