Exploiting OS Command Injection for Remote Code Execution.
-
posts
-
OS Command Injection to Remote Code Execution
-
Proving grounds Practice: Sybaris
Proving grounds Practice - Sybaris CTF writeup.
-
Proving grounds Practice: Potfish
Proving grounds Practice - Potfish CTF writeup.
-
Proving grounds Practice: ZenPhoto
Proving grounds Practice - ZenPhoto CTF writeup.
-
Proving grounds Practice: Peppo
Proving grounds Practice - Peppo CTF writeup.
-
Proving grounds Practice: Hetemit
Proving grounds Practice - Hetemit CTF writeup.
-
Proving grounds Practice: Zino
Proving grounds Practice - Zino CTF writeup.
-
Proving grounds Practice: Hunit
Proving grounds Practice - Hunit CTF writeup.
-
Proving grounds Practice: Dibble
Proving grounds Practice - Dibble CTF writeup.
-
Proving grounds Practice: Banzai
Proving grounds Practice - Banzai CTF writeup.
-
Proving grounds Practice: Nibbles
Proving grounds Practice - Nibbles CTF writeup.
-
Proving grounds Practice: Fail
Proving grounds Practice - Fail CTF writeup.
-
Unveiling the Hotel Booking Hack: Leveraging Business Logic Flaws for Free Subscriptions and 12% Discounts
Business Logic Error leads to pay 0 amount for subscription and obtain 12% discount on the booking.
-
Proving grounds Practice: Wombo
Proving grounds Practice - Wombo CTF writeup.
-
Proving grounds Play: Payday
Proving grounds Practice - Payday CTF writeup.
-
Proving grounds Play: Hawat
Proving grounds Practice - Hawat CTF writeup.
-
Proving grounds Play: GLPI
Proving grounds Practice - Payday CTF GLPI.
-
Proving grounds Play: Fractal
Proving grounds Practice - Fractal CTF writeup.
-
Proving grounds Play: Muddy
Proving grounds Practice - Muddy CTF writeup.
-
Proving grounds Play: Wheels
Proving grounds Practice - Wheels CTF writeup.
-
Proving grounds Play: Levram
Proving grounds Practice - Levram CTF writeup.
-
Proving grounds Play: Flimsy
Proving grounds Practice - Flimsy CTF writeup.
-
Proving grounds Play: Astronaut
Proving grounds Practice - Astronaut CTF writeup.
-
Proving grounds Play: Bratarina
Proving grounds Practice - Bratarnia CTF writeup.
-
Proving grounds Play: Codo
Proving grounds Practice - Codo CTF writeup.
-
Proving grounds Practice: Fanatastic
Proving grounds Practice - Fanatastic CTF writeup.
-
Proving grounds Play: BTRSys2.1
Proving grounds Play - BTRSys2.1 CTF writeup.
-
Proving grounds Play: Stapler
Proving grounds Play - Stapler CTF writeup.
-
Proving grounds Play: Empire-breakout
Proving grounds Play - Empire-Breakout CTF writeup.
-
Proving grounds Play: SunsetDecoy
Proving grounds Play - SunsetDecoy CTF writeup.
-
Proving grounds Play: Ha-natraj
Proving grounds Play - Ha-natraj CTF writeup.
-
Proving grounds Play: BBSCute
Proving grounds Play - BBSCute CTF writeup.
-
Proving grounds Play: Gaara
Proving grounds Play - Gaara CTF writeup.
-
Proving grounds Play: Katana
Proving grounds Play - Katana CTF writeup.
-
Proving grounds Play: Lampiao
Proving grounds Play - Lampiao CTF writeup.
-
Proving grounds Play: Monitoring
Proving grounds Play - Monitoring CTF writeup.
-
Proving grounds Play: Photographer
Proving grounds Play - Photographer CTF writeup.
-
Proving grounds Play: Dawn
Proving grounds Play - Dawn CTF writeup.
-
Proving grounds Play: Inclusiveness
Proving grounds Play - Inclusiveness CTF writeup.
-
Proving grounds Play: Amaterasu
Proving grounds Play - Amaterasu CTF writeup.
-
Proving grounds Play: Vegeta1
Proving grounds Play - Vegeta1 CTF writeup.
-
Proving grounds Play: Potato
Proving grounds Play - Potato CTF writeup.
-
Proving grounds Play: Seppuku
Proving grounds Play - Seppuku CTF writeup.
-
Proving grounds Play: PyExp
Proving grounds Play - PyExp CTF writeup.
-
Proving grounds Play: Shakabrah
Proving grounds Play - Shakabrah CTF writeup.
-
Proving grounds Play: FunboxEasy
Proving grounds Play - FunboxEasy CTF writeup.
-
Proving grounds Play: FunboxEasyEnum
Proving grounds Play - FunboxEasyEnum CTF writeup.
-
Proving grounds Play: FunboxRookie
Proving grounds Play - FunboxRookie CTF writeup.
-
Proving grounds Play: Solstice
Proving grounds Play - Solstice CTF writeup.
-
Proving grounds Play: Moneybox
Proving grounds Play - Moneybox CTF writeup.
-
Proving grounds Play: SunsetNoontide
Proving grounds Play - SunsetNoontide CTF writeup.
-
Proving grounds Play: DriftingBlues6
Proving grounds Play - DriftingBlues6 CTF writeup.
-
Proving grounds Play: DC-2
Proving grounds Play - DC-2 CTF writeup.
-
Proving grounds Play: DC-1
Proving grounds Play - DC-1 CTF writeup.
-
Proving grounds Play: EvilBox-One
Proving grounds Play - EvilBox-One CTF writeup.
-
Proving grounds Play: Infosecprep
Proving grounds Play - Infosecprep CTF writeup.
-
Proving grounds Play: Sumo
Proving grounds Play - Sumo CTF writeup.
-
Proving grounds Play: CyberSploit1
Proving grounds Play - Cybersploit1 CTF writeup.
-
Proving grounds Practice: Internal
Proving grounds Practice - Internal CTF writeup.
-
Proving grounds Practice: Kevin
Proving grounds Practice - Kevin CTF writeup.
-
Proving grounds Practice: Helpdesk
Proving grounds Practice - Helpdesk CTF writeup.
-
Proving grounds Practice: RubyDome
Proving grounds Practice - RubyDome CTF writeup.
-
Proving grounds Practice: Twiggy
Proving grounds Practice - Twiggy CTF writeup.
-
Proving grounds Practice: Exfiltrated
Proving grounds Practice - Exfiltrated CTF writeup.
-
Proving grounds Practice: Algernon
Proving grounds Practice - Algernon CTF writeup.
-
Proving grounds Practice: Squid
Proving grounds Practice - Squid CTF writeup.
-
Proving grounds Practice: ClamAV
Proving grounds Practice - ClamAV CTF writeup.
-
Proving grounds Practice: Pebbles
Proving grounds Practice - Pebbles CTF writeup.
-
Proving grounds Practice: Hub
Proving grounds Practice - Hub CTF writeup.
-
Proving grounds Play: Access
Proving grounds Practice - Access CTF writeup.
-
Proving grounds Practice: Vault
Proving grounds Practice - Vault CTF writeup.
-
Proving grounds Play: Djinn3
Proving grounds Play - Djinn3 CTF writeup.
-
Proving grounds Play: SunsetMidnight
Proving grounds Play - SunsetMidnight CTF writeup.
-
Proving grounds Play: Sar
Proving grounds Play - Sar CTF writeup.
-
Proving grounds Play: SoSimple
Proving grounds Play - SoSimple CTF writeup.
-
Proving grounds Play: Election1
Proving grounds Play - Election1 CTF writeup.
-
Proving grounds Play: ICMP
Proving grounds Play - ICMP CTF writeup.
-
Unveiling the Consequences: Database Dump Exploitation through Mass Assignment Vulnerability
Dump the database through Mass Assignment Vulnerability.
-
Proving grounds Play: OnSystemShellDredd
Proving grounds Play - OnSystemShellDredd CTF writeup.
-
Bypassing Web Application Firewall (WAF) to Exploit SQL Injection Vulnerabilities
This blog delves into the techniques used to bypass a Web Application Firewall (WAF) and exploit SQL injection vulnerabilities in a financial management web application.
-
Exploiting Business Logic Error: Price Manipulation
This blog discusses the exploitation of a business logic error that allows users to manipulate prices and pay less for the products and services offered by the target company.
-
Account Takeover Through Manipulation of Session Storage
This blog explores the method of account takeover by manipulating the local session storage in a financial web application.
-
Exploiting Misconfigurations and Authorization Vulnerabilities in a Multinational Company's Content Management System
This blog discusses the exploitation of misconfigurations and authorization vulnerabilities in a Multinational Company’s Content Management System (CMS) application
-
Analysis of Client-Side Encryption Reverse Engineering
An in-depth analysis of reverse engineering client-side encryption in a web application.
-
Remote Code Execution via DLL Hijacking on a Prominent Business Automation Application
An in-depth analysis of the DLL hijacking vulnerability leading to remote code execution in one of the leading business automation products.
-
Insecure Deserialization
A pentester’s guide to insecure deserialization.
-
Insecure Direct Object References (IDOR) Exploit Enables Unauthorized Access to Linked Bank Accounts
Exploiting an Insecure Direct Object References (IDOR) vulnerability to gain control over other users’ linked bank accounts.
-
API Security Misconfiguration Leads to tons of PII data Leakage
API Security Misconfiguration Leads to tons of PII data Leakage.
-
Time-Based SQL Injection to Dumping the Database
Dumping the database by leveraging time-based SQL Injection.
-
Uncovering the Extensive Subdomain Takeover Vulnerability
Massive Subdomains Take Over using subzy.
-
Remote Code Execution via File Upload
Obtain Remote Code Execution due to Unrestricted File Upload.
-
Jailbreaking iPhone and Setting Up Dynamic Analysis Lab
iOS Pen-testing dynamic analysis lab setup.
-
Remote Code Execution through Unrestricted File Upload
Obtain remote code execution through file upload feature.
-
Account Takeover through Response Manipulation
Takeover targetted users account via response manipulation.
-
Remote Code Execution through Unrestricted File Upload
Remote Code Execution through Unrestricted File Upload
-
Account Takeover Due to Lack of Rate Limiting Protection
Take over user accounts by abusing improper rate limitation.
-
Discovery of Reflected Cross-Site Scripting (XSS) Vulnerability in a Public Program
Reflected Cross-site Scripting.