Feb 26 · 5 min read · Security incidents rarely hinge on a single catastrophic bug. More often, they emerge from layered design shortcuts — each individually survivable, but collectively fatal. This case study examines a r
Join discussion
Jan 19 · 7 min read · During an engagement, I identified a Local File Inclusion (LFI) vulnerability in a document transfer application written in plain PHP. Although the application enforced strict file upload controls—restricting uploads to .doc, .docx, and .pdf files an...
Join discussionDec 4, 2025 · 3 min read · Critical security issues in React and Next.js have revealed a dangerous flaw in their Server Components architecture that enables unauthenticated remote code execution. The vulnerability affects applications relying on the rapidly growing React Serve...
Join discussion
Oct 2, 2025 · 1 min read · Vulnerability Command injection vulnerability exists in index.php of pfBlockerNG. Host header, which is user input, is entered into exec. <?php /* index.php pfBlockerNG (DNSBL) Copyright (c) 2015-2016 BBcan177@gmail.com All rights re...
Join discussionSep 23, 2025 · 5 min read · TryHackMe — Easy: Couch — Writeup Author: Rohan DeyTarget: TryHackMe Easy machine : couch (https://tryhackme.com/room/couch) TL;DR I scanned the machine, discovered CouchDB on port 5984, used its web UI (Fauxton) and API to find stored credentials, ...
Join discussionAug 9, 2025 · 8 min read · Hello, I’m a web guy. Usually, I’m not working on non-web applications since my mind doesn’t know binary and reverse engineering. About one year ago, I started giving myself a shot at working on some macOS applications, and I managed to uncover sever...
MNCTmohammad and 3 more commented
Jul 22, 2025 · 9 min read · Description In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privilege...
Join discussionJun 12, 2025 · 3 min read · Secure Your AI Code: A Look at E2B, Daytona, and Modal for Sandboxed Execution The excitement around AI code generation is palpable. Imagine AI assistants that not only understand your requests but also write and execute code to bring them to life! H...
Join discussionApr 23, 2025 · 5 min read · Introduction Hey fellow hackers,My name is Waqas, and I am currently working as a cybersecurity enthusiast, Last year, my friend Zeeshan M. and I worked on a project called redacted. The company is a service-based company where we had to test their d...
Join discussion
Mar 26, 2025 · 4 min read · Summary Cyble's Security Update Advisory provides a synopsis of the latest vulnerability patches released by various vendors. This advisory covers a recently disclosed vulnerability in Apache Tomcat that is being actively exploited in the wild, merel...
Join discussion