{"version":"1.0","provider_name":"hacking.cool","provider_url":"https:\/\/hacking.cool\/atomanya","author_name":"Atom","author_url":"https:\/\/hacking.cool\/atomanya\/author\/atom\/","title":"Mass Assignment Vulnerabilities - hacking.cool","type":"rich","width":600,"height":338,"html":"<blockquote class=\"wp-embedded-content\" data-secret=\"n66tsVivNc\"><a href=\"https:\/\/hacking.cool\/atomanya\/mass-assignment-vulnerabilities\/\">Mass Assignment Vulnerabilities<\/a><\/blockquote><iframe sandbox=\"allow-scripts\" security=\"restricted\" src=\"https:\/\/hacking.cool\/atomanya\/mass-assignment-vulnerabilities\/embed\/#?secret=n66tsVivNc\" width=\"600\" height=\"338\" title=\"&#8220;Mass Assignment Vulnerabilities&#8221; &#8212; hacking.cool\" data-secret=\"n66tsVivNc\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" class=\"wp-embedded-content\"><\/iframe>","thumbnail_url":"https:\/\/hacking.cool\/atomanya\/wp-content\/uploads\/2024\/07\/0a83f4cc-ea69-4ced-b826-e658f929e803.webp","thumbnail_width":1792,"thumbnail_height":1024,"description":"Rarely talked about, this is an interesting vulnerability. In 2012, GitHub faced a significant Mass Assignment vulnerability. An attacker discovered that GitHub’s enterprise system allowed users to set arbitrary parameters, including the admin flag, during account creation. The attacker exploited this by including the admin parameter in the account registration request, granting themselves administrative privileges.…"}