Tag feed

#rce

89 posts6 followers

Trending tags this week

How a fake client's project tried to hack my machine with RCE

May 22 · 12 min read · Someone messaged me on LinkedIn pitching a project idea. The repo he sent had a remote code execution backdoor in it. This is what it did and how I survived the linkedin lead that turned malicious wit

Join discussion

TTuannqblogs.night-wolf.io

0

From Privilege Escalation to RCE in Wiki.js

May 21 · 11 min read · I was poking around Wiki.js 2.5.312 one afternoon — as one does — when I found two vulnerabilities that chain together beautifully to turn a wiki moderator into a root shell. One report got accepted.

Join discussion

JJebitoksharonjebitok.com

0

Plant Photographer (TryHackMe)

May 6 · 14 min read · Plant Photographer is a TryHackMe challenge built around a botanist's personal portfolio website running on Werkzeug/Python. The box covers three main vulnerability classes: SSRF (Server-Side Request

Join discussion

SSl4cK0THz2r.zor0ark.me

0

WebVersePro Labs - Labs: NewsForge Writeup (Command Injection)

May 5 · 6 min read · Challenge Link: https://dashboard.webverselabs-pro.com/labs/newsforge Introduction Welcome back to another CTF writeup, we are tackling NewsForge, an easy-level web challenge from the WebVersePro Lab

Join discussion

MBMatt Browncloudsecburrito.com

0

Distroless Removes the Shell, Not the Risk

Apr 20 · 12 min read · I've been hearing a fair bit lately about distroless images. As I started digging into them, it became clear the idea is not new. In fact, there is a great talk that covers the concept well, and it is

Join discussion

AWAlan Westalan-west.hashnode.dev

0

Check Point Found Critical RCE Flaws in Claude Code. Here's What You Need to Know.

Mar 30 · 5 min read · If you're using Claude Code — and given that it reportedly has over 15 million commits on GitHub, a lot of you are — you need to stop and audit your project configuration files right now. Check Point Research published findings on two critical vulner...

Join discussion

ASaviral srivastavaaviraxroot.hashnode.dev

0

CVE-2026-33017: How I Found an Unauthenticated RCE in Langflow by Reading the Code They Already Fixed

Mar 19 · 9 min read · In early 2025, CISA added CVE-2025-3248 to their Known Exploited Vulnerabilities catalog. It was an unauthenticated remote code execution bug in Langflow, the popular open-source AI workflow builder w

Join discussion

AMAmr Mohammedamrmoadel.hashnode.dev

0

Cyclic Scanner - Android Service Exploitation Walkthrough

Feb 23 · 6 min read · Overview The lab description makes one thing very clear: this challenge is about exploiting an Android Service to achieve RCE. There is no confusion about the goal, and there is no need to explain wha

Join discussion

JJebitoksharonjebitok.com

0

Speed Chatting🎉🚩 - Unrestricted File Upload RCE (LFI)

Feb 20 · 4 min read · Description Speed Chatting is an AI Security Challenge that was part of the Love at First Breach 2026, red team beginner’s CTF. It covers prompt injection and system configuration vulnerabilities in A

Join discussion

MAMate Agulashvilinoteshacking.hashnode.dev

0

LFI → RCE: Abusing Stream Wrappers with Uploaded Microsoft DOCX Files

Jan 19 · 7 min read · During an engagement, I identified a Local File Inclusion (LFI) vulnerability in a document transfer application written in plain PHP. Although the application enforced strict file upload controls—restricting uploads to .doc, .docx, and .pdf files an...

Join discussion

#rce

Search Hashnode

#rce

Trending tags this week

How a fake client's project tried to hack my machine with RCE

From Privilege Escalation to RCE in Wiki.js

Plant Photographer (TryHackMe)

WebVersePro Labs - Labs: NewsForge Writeup (Command Injection)

Distroless Removes the Shell, Not the Risk

Check Point Found Critical RCE Flaws in Claude Code. Here's What You Need to Know.

CVE-2026-33017: How I Found an Unauthenticated RCE in Langflow by Reading the Code They Already Fixed

Cyclic Scanner - Android Service Exploitation Walkthrough

Speed Chatting🎉🚩 - Unrestricted File Upload RCE (LFI)

LFI → RCE: Abusing Stream Wrappers with Uploaded Microsoft DOCX Files