Latest Write-ups

💉 Command Injection in Move File Function Allows Reading Server Files (HTB)
A bypass technique that abuses third-party OAuth misconfigurations to disable 2FA protection.
🛡️ Remote Code Execution via File Upload (HTB)
A Remote Code Execution (RCE) vulnerability was discovered in the file upload feature.
🍬 HTB CTF: CandyVault – NoSQL Login Bypass
A fun MongoDB NoSQL login bypass on a Flask app from Hack The Box's CandyVault challenge.