Intigriti Challenge 1125 – SSTI Chain PoC
Server-side template injection (Jinja2 SSTI) + unsigned JWT.
A quick look at the source shows a naïve validation step that checks whether the string “http” appears in the parameter, then directly passes it to curl_init().
Reverse engineering is the process of analyzing software to understand how it works when source code is unavailable or to study compiled artifacts. Python is a common target for reverse engineering because its bytecode and packaging formats (like .pyc and PyInstaller bundles) are relatively accessible.
In this document, we provide a comprehensive explanation of SQL Injection, a common and critical vulnerability affecting web applications.
Subdomain Takeover happens when a subdomain points to an inactive external resource (e.g., S3 bucket or GitHub repo), allowing attackers to exploit it by gaining control of the subdomain and using it for phishing, malware, or data theft.
FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections.
Stack Based Overflows
Wide: Hack The Box