writeups.xyz
/
Alvaro Muñoz (@Pwntester)
Title
Vulnerabilities
Programs
Authors
Securing our home labs: Home Assistant code review
Insecure Deserialization
CSRF
RCE
Code Injection
Android
IOS
Security Code Review
Home Assistant
Alvaro Muñoz (@Pwntester)
GitHub Security Lab audited DataHub: Here’s what they found
SSRF
Insecure Deserialization
Cypher Injection
Authentication Bypass
Authorization Bypass
XSS
Open Redirect
JWT
JSON Injection
Cryptographic Issues
Session Expiration Issue
Security Code Review
DataHub
Alvaro Muñoz (@Pwntester)
Michael Stepankin (@Artsploit)
Peter Stöckli (@Ulldma)
Kevin Stubbings
Jorge Rosillo (@Jorge_ctf)
Sylwia Budzynska
Bypassing OGNL sandboxes for fun and charities
OGNL Injection
Atlassian
Apache Struts
Alvaro Muñoz (@Pwntester)
GHSL-2021-1053: Path traversal in Grafana REST API - CVE-2021-43813, CVE-2021-43815
Path Traversal
Grafana Labs
Alvaro Muñoz (@Pwntester)
Page 1 of 1
writeups.xyz
/
Alvaro Muñoz (@Pwntester)