Exploiting Tiny Tiny RSS
In August of 2020, we decided to analyze Tiny Tiny RSS web application for security vulnerabilities. We had great success in doing so, and this blog post will describe how we found and exploited them.
Andrew Dolgov (main tt-rss developer) has resolved all the issues fast and it was a pleasure to do the disclosure with him. For a period of three days since our first contact with him, many security related changes were pushed, and with