validation

Research Posts (2)

• Jun 12, 2021

  active_url validation check bypass in Laravel

  Reported and fixed a vulnerability in Laravel where active_url validation rule could be bypassed in a situation where a target has a subdomain localhost.
• Jun 12, 2021

  POP Gadget using function injection in RequiredIf

  Reported and fixed a vulnerability in Laravel where Illuminate\Validation\Rules\RequiredIf could be used as a gadget chain for deserialization vulnerabilities.