Laluka (@TheLaluka)
| Title | Vulnerabilities | Programs | Authors |
| --- | --- | --- | --- |
| Spip Preauth RCE 2024: Part 2, A Big Upload | RCE, File Upload, Security Code Review | SPIP | Laluka (@TheLaluka) |
| Spip Preauth RCE 2024: Part 1, The Feather | RCE, Code Injection, Security Code Review | SPIP | Laluka (@TheLaluka) |
| What is kong & why we’re relying on it | RCE, Sandbox Escape, Authentication Bypass, Hardcoded Credentials, Broken Access Control, Privilege Escalation, JWT | Konga | Laluka (@TheLaluka) |
| Pre-Auth Remote Code Execution - Web Page Test | RCE, SSRF | CatchPoint | Laluka (@TheLaluka) |
| RCE on Spip and Root-Me, v2! | RCE, SSTI, DNS Rebinding, XSS, Code Injection, Unrestricted File Upload | SPIP | Laluka (@TheLaluka), T0 (@___T0___) |
| RCE on Spip and Root-Me | RCE, SQL Injection, XSS, Open Redirect, Reflected File Download | SPIP | Laluka (@TheLaluka) |