Jan 19 · 7 min read · During an engagement, I identified a Local File Inclusion (LFI) vulnerability in a document transfer application written in plain PHP. Although the application enforced strict file upload controls—restricting uploads to .doc, .docx, and .pdf files an...
Jan 19 · 4 min read · College is not merely a phase of academic learning; it is a transformative chapter where identities are shaped, perspectives are built, and foundations for life are laid. For Nooruddin Mohammad, his college journey was not defined by a single achieve...
Jan 13 · 4 min read · Some stories don’t begin with achievements. They begin with a word. When I got his number from my sir, who also happens to be his father, I saved it like any other contact. Out of curiosity, I opened WhatsApp and checked his bio. There was just one wo...
Jan 10 · 4 min read · That evening on campus felt like a celebration packed into a single hour. It was a KREYA flashmob, crackers bursting, colours filling the air, music vibrating through the ground, laughter everywhere. For one full hour, the campus wasn’t about schedul...
Jan 8 · 12 min read · Defining React terminology React: React started as a client-side JavaScript library for building component-based user interfaces, managing a virtual DOM and pushing minimal updates to the browser. Over time it grew into a full ecosystem that spans t...
Dec 30, 2025 · 5 min read · Introduction An extremely critical security vulnerability has just been disclosed in the workflow automation platform n8n, allowing remote code execution (RCE) through the server-side expression-handling mechanism. The vulnerability is identified as CVE-2025-68613...
Dec 7, 2025 · 11 min read · HackTheBox | Gavel Writeup — From SQL Injection to Root Shell A step-by-step walkthrough of exploiting an auction platform through source code analysis, SQL injection, and YAML-based privilege escalation Before diving in, I want to note that this is...
Dec 7, 2025 · 15 min read · I. Executive Mandate: Maximum Severity Alert (CVSS 10.0) A. Statement of Urgency and Impact This report serves as a maximum-severity alert regarding the critical vulnerability designated as CVE-2025-55182, widely referred to as React2Shell. This flaw...