Exploiting Zabbix SQL injection (CVE-2024-42327 / ZBX-25623) in HTB Unrested
The exploitation of CVE-2024-36467 and CVE-2024-42327 in the context of the HTB Unrested machine. A simple option for SQL injection and PoC. Zabbix 7.0.0
Case study If the following chars are banned from injection ("{{", "}}", ".", "_", "[", "]", "\\", "x"), it is still possible to perform SSTI, because symbols such as %, {, } and (, ) are still accessi...
My Experience On the 24th of June, I received my OSWE certification from OffSec, formerly known as Offensive Security. It’s a solid certification for a web penetration tester position. Before I de...
Introduction I have prepared material on the Prototype pollution topic for today’s posts based on my notes from 2023 for a speech. It might be already deprecated partially, or there are some new m...
Yet another realistic scenario showing a problem with a custom implementation of an MFA function. But suppose you are familiar with possible scenarios at PortSwigger Academy on the “Vulnerabilities in multi-...