From "Low-Impact" RXSS to Credential Stealer: A JS-in-JS Walkthrough
From the classic “quote break” in a to a login takeover: step by step, I show how a “low-impact” RXSS becomes a real credential stealer.
Read more »3 Ways In: Exploiting WordPress Plugins via File Upload and Deserialization
In this post, I break down three real-world vulnerabilities found in WordPress plugins — from unsafe deserialization to arbitrary file upload — and show how they can lead to full compromise.Includes analysis, PoCs, and exploitation details.
Read more »UTCTF 2024 Writeups
Writeups of some challenges from UTCTF 2024
Read more »Znuny OTRS CVEs : CVE-2024-32491, CVE-2024-32492, CVE-2024-32493
In this post I detail two critical security flaws I discovered last year in the Znuny / OTRS ticket-ing system: a path-traversal file-upload bug that can be leveraged for remote code execution, and a Second Order SQL injection in the draft-form cleanup routine. The write-up walks through root cause analysis, step-by-step PoCs, impact, official patches, and mitigation tips for administrators who are still running unpatched instances.
Read more »CodeInTheDarkCTF 2023 writeups
Writeups of some XSS challenges from CodeInTheDark CTF
Read more »