Exploiting OS Command Injection for Remote Code Execution.
-
posts
-
OS Command Injection to Remote Code Execution
-
Unveiling the Hotel Booking Hack: Leveraging Business Logic Flaws for Free Subscriptions and 12% Discounts
Business Logic Error leads to pay 0 amount for subscription and obtain 12% discount on the booking.
-
Unveiling the Consequences: Database Dump Exploitation through Mass Assignment Vulnerability
Dump the database through Mass Assignment Vulnerability.
-
Bypassing Web Application Firewall (WAF) to Exploit SQL Injection Vulnerabilities
This blog delves into the techniques used to bypass a Web Application Firewall (WAF) and exploit SQL injection vulnerabilities in a financial management web application.
-
Exploiting Business Logic Error: Price Manipulation
This blog discusses the exploitation of a business logic error that allows users to manipulate prices and pay less for the products and services offered by the target company.
-
Account Takeover Through Manipulation of Session Storage
This blog explores the method of account takeover by manipulating the local session storage in a financial web application.
-
Exploiting Misconfigurations and Authorization Vulnerabilities in a Multinational Company's Content Management System
This blog discusses the exploitation of misconfigurations and authorization vulnerabilities in a Multinational Company’s Content Management System (CMS) application
-
Analysis of Client-Side Encryption Reverse Engineering
An in-depth analysis of reverse engineering client-side encryption in a web application.
-
Remote Code Execution via DLL Hijacking on a Prominent Business Automation Application
An in-depth analysis of the DLL hijacking vulnerability leading to remote code execution in one of the leading business automation products.
-
Insecure Deserialization
A pentester’s guide to insecure deserialization.
-
Insecure Direct Object References (IDOR) Exploit Enables Unauthorized Access to Linked Bank Accounts
Exploiting an Insecure Direct Object References (IDOR) vulnerability to gain control over other users’ linked bank accounts.
-
API Security Misconfiguration Leads to tons of PII data Leakage
API Security Misconfiguration Leads to tons of PII data Leakage.
-
Time-Based SQL Injection to Dumping the Database
Dumping the database by leveraging time-based SQL Injection.
-
Uncovering the Extensive Subdomain Takeover Vulnerability
Massive Subdomains Take Over using subzy.
-
Remote Code Execution via File Upload
Obtain Remote Code Execution due to Unrestricted File Upload.
-
Jailbreaking iPhone and Setting Up Dynamic Analysis Lab
iOS Pen-testing dynamic analysis lab setup.
-
Remote Code Execution through Unrestricted File Upload
Obtain remote code execution through file upload feature.
-
Account Takeover through Response Manipulation
Takeover targetted users account via response manipulation.
-
Remote Code Execution through Unrestricted File Upload
Remote Code Execution through Unrestricted File Upload
-
Account Takeover Due to Lack of Rate Limiting Protection
Take over user accounts by abusing improper rate limitation.
-
Discovery of Reflected Cross-Site Scripting (XSS) Vulnerability in a Public Program
Reflected Cross-site Scripting.