- Published on
Machine for network traffic analysis and vulnerability exploitation in Ghostscript (CVE-2024-29510).
All Posts
All Posts
- linux (23)
- hacking-club (23)
- rce (7)
- sqli (5)
- lfi (3)
- bola (2)
- command-injection (2)
- idor (2)
- ssti (2)
- ssrf (2)
- rfi (2)
- api-rest (1)
- cve-2023-33733 (1)
- race-condition (1)
- lfr (1)
- graphql (1)
- code-injection (1)
- insecure-desseralization (1)
- windows (1)
- cloud (1)
- cve-2022-36231 (1)
- cve-2022-29464 (1)
- function-injection (1)
- cve-2022-24112 (1)
- cve-2024-29510 (1)
- seo-poisoning (1)
- xxe (1)
- Published on
The application has Remote Code Execution vulnerabilities in Apache APISIX (CVE-2022-24112) and privilege escalation via the SUID binary lua.- Published on
Exploring an SSTI vulnerability in a live rendering application, it is possible to gain RCE on the server. The privilege escalation involves sudo permissions on logstash.- Published on
The Reader machine has SSRF and RFI vulnerabilities that allow RCE and privilege escalation to root via capabilities in the Perl binary.- Published on
Machine involving SQL Injection, code injection, and reversing (PE).