Feb 16 · 5 min read · Introduction Django is a widely used Python web framework that exposes Object-Relational Mapping (ORM) layer to let developers query databases using familiar Python syntax. That convenience becomes a liability when user input is fed straight into ORM...
Join discussion
Dec 30, 2025 · 5 min read · Mở đầu Một lỗ hổng bảo mật cực kỳ nghiêm trọng vừa được công bố trong nền tảng tự động hóa quy trình n8n, cho phép thực thi mã từ xa (Remote Code Execution – RCE) thông qua cơ chế xử lý biểu thức phía máy chủ. Lỗ hổng được định danh là CVE-2025-68613...
Join discussion
Dec 21, 2025 · 6 min read · I am Rana M.Sinan Adil aka (livepwn). I am 17 years old i was working on bug and also created a exploit.Hope you will enjoy :) How it worked: I have two laptop, lp1 and lp2. I run the exploit in lp1 just changed the ip and putted ip of my lp2. And i ...
Join discussionDec 17, 2025 · 7 min read · Understanding binary exploitation is one of the most important foundations in penetration testing. Classic buffer overflow vulnerabilities shaped the history of computing, and although modern systems now use stronger defenses like DEP and ASLR, these...
Join discussion
Nov 8, 2025 · 9 min read · CVE-2021-4034 — aka Pwnkit — is a high-severity local privilege escalation in the Polkit package that was present in Polkit releases dating back to 2009. Because Polkit is installed by default on most mainstream Linux distributions, this vulnerabilit...
Join discussion
Nov 7, 2025 · 8 min read · In late March 2022 the security community was alerted to remote code execution flaws affecting the Spring Framework. One of the issues—now commonly referred to as Spring4Shell (CVE-2022-22965)—impacts parts of Spring Core and, under a specific set of...
Join discussion
Aug 27, 2025 · 18 min read · msfconsole -to launch Metasploit Exploit: A piece of code that uses a vulnerability present on the target system. Vulnerability: A design, coding, or logic flaw affecting the target system. The exploitation of a vulnerability can result in disclosin...
Join discussionJul 10, 2025 · 4 min read · CTF 1 Question 1 The file that stores user account details is worth a closer look. (target1.ine.local) After doing an Nmap scan on the target, we can see that port 22 is open and running libssh for which there is a Metasploit module available to ex...
Join discussionJul 7, 2025 · 19 min read · Introduction Post-exploitation is the final phase of a penetration test. it consists of the tactics, techniques and procedures that attackers undertake after obtaining initial access on a target system. It involves what you do once you have gained an...
Join discussionJun 14, 2025 · 14 min read · Introduction Exploitation consists of techniques and tools used by adversaries / penetration testers to gain an initial foothold on a target system or network. You can only exploit a target if you know what is vulnerable. Exploitation methodology: I...
Join discussion