In early 2019, I had to pentest a couple of SOAP WebServices of a client and, as usual, I asked them for some example requests as a baseline for my analysis.…
Recently, during a penetration test, Burp Suite reported an “Expression Language Injection” issue. Burp Suite recognizes the issue thanks to the following payload: gk6q${"zkz".toString().replace("k", "x")}doap2 The value returned was “igk6qzxzdoap2”,…