26-04-2022 |
POST |
VestaCP Multiple Vulnerabilities |
15-02-2022 |
EXPLOIT |
CVE-2022-24977 - ImpressCMS path traversal to pre-auth RCE |
15-02-2022 |
CVE |
CVE-2022-24977 - ImpressCMS path traversal to pre-auth RCE |
12-02-2022 |
POST |
impressCMS - unauthenticated code execution |
07-12-2021 |
EXPLOIT |
CVE-2020-36474 - Vanilla SSRF |
05-12-2021 |
POST |
HITCON CTF 2021 Metamon-Verse Writeup |
23-11-2021 |
POST |
Moodle Blind SQL injection via MNet authentication |
22-10-2021 |
POST |
Moodle - Stored XSS and blind SSRF possible via feedback answer text |
20-08-2021 |
POST |
Vanilla - SSRF via media scrape API through dns rebinding |
09-08-2021 |
POST |
Roxy-WI through 5.2.2.0 pre-auth RCE |
07-08-2021 |
CVE |
CVE-2021-38169 - Roxy-WI through 5.2.2.0 allows authenticated cmd Injection |
07-08-2021 |
CVE |
CVE-2021-38168 - Roxy-WI through 5.2.2.0 allows authenticated SQL injection |
07-08-2021 |
CVE |
CVE-2021-38167 - Roxy-WI through 5.2.2.0 allows unauthenticated SQL Injection |
22-07-2021 |
CVE |
CVE-2021-36396 - Moodle Blind SSRF possible against cURL blocked hosts |
17-05-2021 |
CVE |
CVE-2021-32474 - Moodle Blind SQL injection via MNet authentication |
17-05-2021 |
EXPLOIT |
3kCTF-2021 - babyrtos exploit |
17-05-2021 |
EXPLOIT |
3kCTF-2021 - telnet exploit |
17-05-2021 |
POST |
3kCTF-2021 - ppaste writeup |
16-03-2021 |
CVE |
CVE-2021-20280 - Moodle Stored XSS and blind SSRF via feedback answer text |
11-01-2021 |
POST |
h1CTF - HackyHolidays walkthrough |
31-12-2020 |
POST |
iceCTF-2020 - krouter writeup |
31-12-2020 |
CVE |
CVE-2020-36474 - safecurl <= 3.3, vanilla forum <= 0.9.2 dns rebind to ssrf |
29-09-2020 |
CVE |
CVE-2020-26134 - Live Helper Chat before 3.44v - stored xss |
25-07-2020 |
POST |
3kCTF-2020 - babym1ps writeup |
25-07-2020 |
EXPLOIT |
3kCTF-2020 - babym1ps exploit |
25-07-2020 |
POST |
3kCTF-2020 - reporter writeup |
25-07-2020 |
POST |
3kCTF-2020 - Glitch writeup |
25-07-2020 |
EXPLOIT |
3kCTF-2020 - Glitch exploit |
14-05-2020 |
EXPLOIT |
CVE-2020-12720 - Vbulletin RCE |