Remote Code Execution in Enterprise Gateway 5.0
A detailed walkthrough of CVE-2023-XXXX, an unauthenticated RCE vulnerability found in a widely used enterprise gateway solution. Exploitation involves prototype pollution leading to shell access.
Exploring the depths of web security. Focusing on RCE, deserialization, and logic flaws. Currently researching cloud-native vulnerabilities and supply chain attacks.
Continuing from Part 1, we dive deep into the Stapler web framework used by Jenkins. We uncover how request routing can be manipulated to bypass ACLs and access administrative functionality.
How I was able to take over any user account on a popular SaaS platform due to weak validation of the `redirect_uri` parameter in their OAuth flow.
Solving the hardest web challenge of the qualifiers involving a complex SSTI chain in a Python Flask application behind a rigorous WAF.