Yasin Soliman

I'm Yasin, a security analyst from the UK, interested in web application testing and red team operations.


Disclosure

Publicly disclosed vulnerability reports and bug write-ups.

From RSS to XXE: feed parsing on Hootsuite

Mike Knoop's research into XXE exploitation inspired me to experiment with RSS parsing on Hootsuite. These vulnerabilities arise when a parser validates and processes XML-based input which contains references to an external entity. Within fifteen minutes of testing, I had gained a pingback and demonstrated an exfiltration of /etc/issue.…

Yasin Soliman