Articles

We will see how to create context-free payloads for jinja2, always allowing direct access to the os module in a jinja2 template without requirements. These payloads will be particularly useful for exploiting SSTI vulnerabilities.

In this article we will analyze an exploit for RemoteMouse 3.008 allowing unauthenticated keyboard control of a remote machine.

Improper Access Control in Adminer versions <= 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the server by connecting a remote MySQL database to the Adminer.

A talk on optimization of SSTIs payloads in jinja2 to achieve remote code execution, presented at GreHack 2021.

We will see how to perform a depth-first search in a web application search APIs to extract database content efficiently.

We will see how to create context-free payloads for Mako, always allowing direct access to the os module in a jinja2 template without requirements. These payloads will be particularly useful for exploiting SSTI vulnerabilities.

We will see how to create context-free payloads for jinja2, always allowing direct access to the os module in a jinja2 template without requirements. These payloads will be particularly useful for exploiting SSTI vulnerabilities.

On June 22, 2021, an aggregate of data concerning 700 million LinkedIn accounts was offered for sale on a forum. We will analyze its content in detail.

There are different types of port forwarding with an SSH connection. Remote, local, dynamic port forwarding, how does it work, how to choose them? This is what we will see in this article!

Python format strings can be very useful but they can be prone to vulnerabilities when misused.

The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood.

What would happen if we tried to allocate an infinite amount of memory ? This is what we will try to discover in this article !