Security
advisories
ServiceNow <= ‘Jakarta’ Patch 8 privilege escalation
Trovebox - Authentication Bypass, SQLi, SSRF
Kaltura - Remote Code Execution and Cross-Site Scripting
myBloggie 2.1.6 SQL Injection
Affiliate Network Pro v7.2 SQL Injections, Arbitrary code
Codegrrl Protection.PHP Unspecified Code Execution Vulnerability
PHP-Fusion <= 6.00.206 Multiple Vulnerabilities
dotproject <= 2.0.1 remote code execution
WebSpell > 4.0 Authentication Bypass and arbitrary code execution
WEB//NEWS SQL Injection
PHP Nuke <= 7.8 Multiple SQL Injections
exploits
cowroot.c - weaponized dirtycow exploit
kaltura_unserialize_cookie_rce.py - RCE exploit for Kaltura vulnerability
capture-the-flag writeups
Google CTF ‘17, web (Joe)
ASIS CTF ‘17, web129 (Tar Bomb)
VolgaCTF ‘17, web200 (SharePoint)
nullcon ‘17, pwn200
34C3 Junior ‘17, Kim Crypto