Category: poc

    Compact view
  • July 27, 2022
    Python vulnerabilities : Code execution in jinja templates

    We will see how to create context-free payloads for jinja2, always allowing direct access to the os module in a jinja2 template without requirements. These payloads will be particularly useful for exploiting SSTI vulnerabilities.
    July 27, 2022 Python vulnerabilities : Code execution in jinja templates
  • December 12, 2021
    Exploiting Adminer's file read vulnerability with LOCAL DATA

    Improper Access Control in Adminer versions <= 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the server by connecting a remote MySQL database to the Adminer.
    December 12, 2021 Exploiting Adminer's file read vulnerability with LOCAL DATA
  • August 26, 2021
    Python context free payloads in Mako templates

    We will see how to create context-free payloads for Mako, always allowing direct access to the os module in a jinja2 template without requirements. These payloads will be particularly useful for exploiting SSTI vulnerabilities.
    August 26, 2021 Python context free payloads in Mako templates
  • July 27, 2021
    Python vulnerabilities : Code execution in jinja templates

    We will see how to create context-free payloads for jinja2, always allowing direct access to the os module in a jinja2 template without requirements. These payloads will be particularly useful for exploiting SSTI vulnerabilities.
    July 27, 2021 Python vulnerabilities : Code execution in jinja templates
  • March 24, 2021
    Python format string vulnerabilities

    Python format strings can be very useful but they can be prone to vulnerabilities when misused.
    March 24, 2021 Python format string vulnerabilities
  • March 10, 2021
    Exploiting Micro Focus Enterprise Server Administration (ESA) 1.09.56 to root the host

    In this article I will demonstrate how to exploit Micro Focus Enterprise Server Administration (ESA) 1.09.56 to create a root account on the host server
    March 10, 2021 Exploiting Micro Focus Enterprise Server Administration (ESA) 1.09.56 to root the host
  • February 17, 2021
    Exploiting CVE-2020-14144 - GiTea Authenticated Remote Code Execution using git hooks

    The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood.
    February 17, 2021 Exploiting CVE-2020-14144 - GiTea Authenticated Remote Code Execution using git hooks
  • November 12, 2020
    Constructing a semi-interactive reverse shell with curl

    This article details how I created a curl-based reverse shell, from scratch.
    November 12, 2020 Constructing a semi-interactive reverse shell with curl
  • November 11, 2020
    Constructing a semi-interactive reverse shell with wget

    This article details how I created a wget-based reverse shell, from scratch.
    November 11, 2020 Constructing a semi-interactive reverse shell with wget