| IIS welcome page to source code review to LFI! |
|
|
|
| The Hunt for XXE to LFI: How I Uncovered CVE-2019–9670 in a Bug Bounty Program |
|
|
|
| $15k RCE Through Monitoring Debug Mode |
|
|
|
| 17 vulnerabilities in Sharp Multi-Function Printers |
|
|
|
| From a GLPI patch bypass to RCE |
|
|
|
| From Discovery to Disclosure: ReCrystallize Server Vulnerabilities |
|
|
|
| Form Tools Remote Code Execution: We Need To Talk About PHP |
|
|
|
| So you found Auth0 secrets, now what? |
|
|
|
| Unmasking an RFI to LFI Escalation |
|
|
|
| Weird LFI and escalating the impact from High to Critical |
|
|
|
| Blog: OmniSpace, from automated 0day XSS to RCE |
|
|
|
| Blog: CVE-2023-4634 - Tricky Unauthenticated RCE on Wordpress Media Library Assistant Plugin using a good old Imagick |
|
|
|
| Leaking File Contents with a Blind File Oracle in Flarum |
|
|
|
| One LFI bypass to rule them all (using base64) |
|
|
|
| can I speak to your manager? hacking root EPP servers to take control of zones |
|
|
|
| Found SSRF and LFI in Just 10 minutes of using burp! |
|
|
|
| A short tell of LFI from PDF link → Professor the Hunter |
|
|
|
| The curl quirk that exposed Burp Suite & Google Chrome |
|
|
|
| Hacking AI: System and Cloud Takeover via MLflow Exploit |
|
|
|
| Getting Root - A Technical Walkthrough |
|
|
|
| PHP Filter Chains: File Read From Error-based Oracle |
|
|
|
| LFI - An Interesting Tweak |
|
|
|
| OpenEMR - Remote Code Execution in your Healthcare System |
|
|
|
| PandoraFMS - Pre-Auth Remote Code Execution |
|
|
|
| Hacking a .NET API in the real world |
|
|
|
writeups.xyz
/
LFI