TheVillageHacker
Blog
Writeups
Published Research — Writeups Archive
2026
CVE-2026-42945
NGINX Rift: An 18-Year-Old Bug That Can Hand Attackers Your Server
NGINX // HTTP REQUEST PARSING // REMOTE CODE EXECUTION
CRITICAL
CVE-2026-21858
Ni8mare: Unauthenticated Remote Code Execution in n8n
N8N // NODE.JS // UNAUTHENTICATED RCE
CRITICAL
2024
OS COMMAND INJECTION
OS Command Injection to Remote Code Execution
WINDOWS COMMAND INJECTION // OOB VALIDATION // POWERSHELL RCE
CRITICAL
2023
BUSINESS LOGIC ERROR
Exploiting Business Logic Error: Subscription Manipulation
SUBSCRIPTION MANIPULATION // ENCRYPTED PAYLOADS // CHECKOUT PROCESS
CRITICAL
MASS ASSIGNMENT
Database Dump Exploitation through Mass Assignment Vulnerability
MASS ASSIGNMENT // DATABASE DUMP // SENSITIVE DATA EXPOSURE
CRITICAL
BUSINESS LOGIC ERROR
Exploiting Business Logic Error: Price Manipulation
PRICE MANIPULATION // ENCRYPTED PAYLOADS // CHECKOUT PROCESS
CRITICAL
AUTHORIZATION BYPASS
Account Takeover Through Manipulation of Session Storage
SESSION STORAGE // USER ENUMERATION // COOKIE AUTHENTICATION
HIGH
AUTHORIZATION BYPASS
Exploiting Misconfigurations and Authorization Vulnerabilities
JWT ANALYSIS // AWS COGNITO // LOCAL STORAGE AUTHORIZATION BYPASS
CRITICAL
CRYPTOGRAPHY
Reversing Client-Side Encryption: Exploiting Weak Crypto Implementations
CRYPTOGRAPHY // ENCRYPTION REVERSING // WEAK CRYPTO
CRITICAL
2022
DLL HIJACKING
Remote Code Execution via DLL Hijacking
WINDOWS APPLICATION SECURITY // DLL SEARCH ORDER HIJACKING // WINDOWS PAYLOADS // METERPRETER
CRITICAL
2021
SUBDOMAIN
Massive Subdomain Takeover via Heroku — 20+ Subdomains
HEROKU // DNS MISCONFIGURATION // TAKEOVER
HIGH
TOOL / LAB
iOS Pentesting: Jailbreaking iPhone & Dynamic Analysis Lab Setup
FRIDA // OBJECTION // BURP SUITE // IOS
LAB