Coming from a background of software development and architecture, I spent a few years as software developer, architect, team lead, working in secure software for the financial sector
I moved into security consultancy, fisrt as an in-house penetration tester and code reviewer in online gambling, before moving into security consultancy and working on code review, penetration testing, threat modelling, and automating security testing with new tools, scripts, etc.
The Salesforce platform allows a platform-specific vulnerability, known as SOSL injection. While conceptually similar to SQL injection, testing and exploitation requires different payloads and different approaches.
In light of the lack of online documentation, and a distinct lack of online examples or tutorials, this talk will explain the issue and its consequences. It will illustrate some working methods for detecting and confirming the existence of the vulnerability within a website, showing different payloads useful payloads for detection and exploitation, before explaining the consequences for a vulnerable site and how to fix occurrences of the issue.