Why nested deserialization is harmful: Magento XXE (CVE-2024-34102)
Digging for SSRF in NextJS apps
Continuing the Citrix Saga: CVE-2023-5914 & CVE-2023-6184
High Signal Detection and Exploitation of Ivanti's Pulse Connect Secure Auth Bypass & RCE (CVE-2023-46805 & CVE-2024-21887)
RCE in Progress WS_FTP Ad Hoc via IIS HTTP Modules (CVE-2023-40044)
Leaked Secrets and Unlimited Miles: Hacking the Largest Airline and Hotel Rewards Platform
Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway
Chaining our way to Pre-Auth RCE in Metabase (CVE-2023-38646)
can I speak to your manager? hacking root EPP servers to take control of zones
Exploiting an Order of Operations Bug to Achieve RCE in Oracle Opera
Finding XSS in a million websites (cPanel CVE-2023-29489)
Pre-Auth RCE in Aspera Faspex: Case Guide for Auditing Ruby on Rails
Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI
Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More
Exploiting Static Site Generators: When Static Is Not Actually Static
Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135)
Chaining vulnerabilities to criticality in Progress WhatsUp Gold
Hacking a Bank by Finding a 0day in DotCMS
Encrypting our way to SSRF in VMWare Workspace One UEM (CVE-2021-22054)
Stealing administrative JWT's through post auth SSRF (CVE-2021-22056)
Turning bad SSRF to good SSRF: Websphere Portal
Sitecore Experience Platform Pre-Auth RCE - CVE-2021-42237
Taking over Uber accounts through voicemail
Discovering a zero day and getting code execution on Mozilla's AWS Network
Gaining access to Uber's user data through AMPScript evaluation