Tag Archives: Exploit

My MDSec Blog Posts so far in 2020!

Lately I have only published blog posts through the MDSec website. I thought it might be a good idea to link what I have published so far here as well:

Covert Web Shells in .NET with Read-Only Web Paths

Analysis of CVE-2020-0605 – Code Execution using XPS Files in .NET

Introducing YSoSerial.Net April 2020 Improvements

A Security Review of SharePoint Site Pages

CVE-2020-0618: RCE in SQL Server Reporting Services (SSRS)

Code injection in Workflows leading to SharePoint RCE (CVE-2020-0646)

COVID-19 has sadly affected many if not all of us. I hope everyone remains safe and we can all carry on the normal life we had before this crisis. Hopefully I can then publish more blog posts here as well.

Cross Site Request Forgery (CSRF) PoC Template (by Javascript)

“Cross Site Request Forgery (CSRF) PoC Template (by Javascript)” project page has been updated.

Please visit the project section:

[redacted]


@ScriptName: Cross Site Request Forgery (CSRF) PoC Template
@Purposes: For any Legal/Ethical Educational Security Researches Only (without any WARRANTY). You can create your own CSRF PoCs by using this template. Author does not accept any responsibility or liability for the use or misuse of this code.
@Website: http://soroush.secproject.com/blog/projects/csrf_poc_template/
@Code: https://code.google.com/p/csrf-poc-template-by-js/