- Published on
The application contains vulnerabilities including XXE, RFI, reverse shell, privilege escalation, RCE, cracked password, and unauthorized access to sensitive files.
All Posts
All Posts
- linux (23)
- hacking-club (23)
- rce (7)
- sqli (5)
- lfi (3)
- bola (2)
- command-injection (2)
- idor (2)
- ssti (2)
- ssrf (2)
- rfi (2)
- api-rest (1)
- cve-2023-33733 (1)
- race-condition (1)
- lfr (1)
- graphql (1)
- code-injection (1)
- insecure-desseralization (1)
- windows (1)
- cloud (1)
- cve-2022-36231 (1)
- cve-2022-29464 (1)
- function-injection (1)
- cve-2022-24112 (1)
- cve-2024-29510 (1)
- seo-poisoning (1)
- xxe (1)
- Published on
The application is vulnerable to JWT token forgery, remote code execution (RCE), and privilege escalation via slo-generator.- Published on
Application has exposed credentials vulnerability, Function Injection leading to RCE, improper use of eval() in Python, and privilege escalation via verify.py script.- Published on
Máquina sobre Broken Access Control, BOLA, SQL Injection e linux capabilities.- Published on
On the Paradize machine, we need to exploit an SQL injection to upload a webshell and explore a path hijacking vulnerability.