| WordPress GiveWP POP to RCE (CVE-2024-5932) |
|
|
|
| Mobile OAuth Attacks - iOS URL Scheme Hijacking Revamped |
|
|
|
| Patch Diffing CVE-2023-28121 to Compromise a WooCommerce |
|
|
|
| SecurePwn Part 2: Leaking Remote Memory Contents (CVE-2023-22897) |
|
|
|
| SecurePwn Part 1: Bypassing SecurePoint UTM’s Authentication (CVE-2023-22620) |
|
|
|
| From Zero to Hero Part 2: From SQL Injection to RCE on Intel DCM (CVE-2022-21225) |
|
|
|
| From Zero to Hero Part 1: Bypassing Intel DCM’s Authentication by Spoofing Kerberos and LDAP Responses (CVE-2022-33942) |
|
|
|
| WordPress Transposh: Exploiting a Blind SQL Injection via XSS - RCE Security |
|
|
|
| Smuggling an (Un)exploitable XSS |
|
|
|
| H1-4420: From Quiz to Admin - Chaining Two 0-Days to Compromise An Uber Wordpress |
|
|
|
| About a Sucuri RCE...and How Not to Handle Bug Bounty Reports |
|
|
|
| Dell KACE K1000 Remote Code Execution — the Story of Bug K1–18652 |
|
|
|
| Upgrade from LFI to RCE via PHP Sessions |
|
|
|
| Ok Google, Give Me All Your Internal DNS Information! |
|
|
|
| Ubiquiti Bug Bounty: UniFi v3.2.10 Generic CSRF Protection Bypass |
|
|
|
| CVE-2014-7216: A Journey Through Yahoo’s Bug Bounty Program |
|
|
|
| Google Bug Bounty: Nice Catch on Google Cloud Platform Live |
|
|
|
| Magix Bug Bounty: magix.com (RCE, SQLi) and xara.com (LFI, XSS) |
|
|
|
| PayPal Bug Bounty: PayPaltech.com E-Mail Injection |
|
|
|
| PayPal Bug Bounty: PayPaltech.com XSS |
|
|
|
writeups.xyz
/
Julien Ahrens (@MrTuxracer)