ReplforNothing2Losen2l.team·Jan 6, 2025Chrome Driver Exploitation with Headache - Final Web Challenge Writeup | CyberSentrixAt the end of 2024, my team and I, Cybersentrix, organized a CTF event aimed at high school students. This event featured two rounds: Qualifiers and Finals. In the Qualifiers, I contributed seven challenges spanning various categories: • 2 Web Challe...27 readspopunder
Hitesh Patrablogs.hiteshpatra.in·Dec 17, 2024CVE-2024-53677 - Apache Struts File Upload Vulnerability leading to RCEApache has announced a critical vulnerability affecting Apache Struts, a widely used Java-based web application framework by various organizations, including government agencies, e-commerce platforms, financial institutions, and airlines. Apache publ...1 like·169 readsCVE Analysisstruts2
VoorivexforVoorivex's Teamblog.voorivex.team·Nov 19, 2024From an Android Hook to RCE: $5000 BountyHello, today I want to share a research-based story about how I reverse-engineered a famous Android application called MyIrancell. I managed to achieve RCE, reported it to the vendor, and earned a bounty. A few days ago, I received permission from th...9 likes·7.8K readsbugbounty
Le Quoc Cuongnospaceavailable.hashnode.dev·Nov 2, 2024Gadget Inspector – a tool to find Java gadget chains for exploitationTại hội nghị Black Hat 2018, Ian Haken (JackOfMostTrades) đã giới thiệu một tool cho phép automation việc tìm gadget chain trong các thư viện hoặc classpath mà một Java application sử dụng. Trong blog này thì mình sẽ đi tìm hiểu cách hoạt động của to...62 reads#gadget chain
Muffinmuffinn.hashnode.dev·Aug 20, 2024[tryhackme] Upload VulnerabilitiesTask 1: Getting Started Phần đầu giới thiệu về Hosts File: it allows you to map IP addresses to domain names locally without relying on a DNS server to resolve the IP address. (giúp mapping địa chỉ IP với domain name mà không cần thông qua DNS serve...Tryhackmeuploaded-vulnerabilitie
elc4br4elc4br4.hashnode.dev·Aug 20, 2024Love - HackTheBoxEstamos ante una máquina Windows nivel Easy en la que encontraremos credenciales, tendremos que explotar RCE y jugar un poco con registros y msfvenom... 🙈 Reconocimiento Reconocimiento de Puertos El escaneo nmap nos reporta la siguiente informac...HackTheBox🦎CTF Writeup
hiu dangforNight Wolf Teamblogs.night-wolf.io·May 7, 2024Reflected XSS to Remote Code Execution in OpenMRS 3OpenMRS is the world's leading open source Electronic Medical Records platform, sustained by a global community. It is a Java-based, web-based electronic medical record. In this article, I will analyze a vulnerability I have found in OpenMRS 3, their...56 readsOpenMRS
Sergio Medeirosgrumpz.net·May 4, 2024Finding a Basic RCE Vulnerability on a Prominent News ChannelUsually, when newcomers approach me in the bug bounty field, they often ask about the tools, methods, and any other "secret sauce" I use when searching for vulnerabilities in bug bounty programs. I'm sure many of them might feel I sound arrogant or c...13 likes·514 readsMy Security Researchhacking
Cxnsxlecxnsxle.hashnode.dev·Jul 26, 2023Log Poisoning VulnerabilityWhat is Log Poisoning? Log poisoning is a cybersecurity attack technique aimed at manipulating or polluting the data collected in log files within a computer system or network. Log files are used to record various activities and events on a system, s...1 like·60 readsowasp
Kaleb McGaugh Mohrenablesecretkm0hr.hashnode.dev·Jul 2, 2023FortiOS RCE Vulnerability - How to update FortiGate firmwareIn this article, I will be demonstrating how to update the FortiOS firmware version, on your FortiGate firewall. This article can assist in the mitigation of the RCE vulnerability affecting SSL VPN services on FortiOS v7.2.4, as outlined in CVE-2023-...108 readsFortinet
![[tryhackme] Upload Vulnerabilities](https://cdn.hashnode.com/res/hashnode/image/upload/v1724601171967/58051af2-f5a9-4f93-ba7a-861f9c64883d.png?w=1600&h=840&fit=crop&crop=entropy&auto=compress,format&format=webp)
