InfoSec Blog

suidpit

Security Researcher and Penetration Tester at Shielder. Human, Chaotic Good. Disciple of Bushido & Disney.

CVE-2024-26131, CVE-2024-26132 - Element Android Vulnerabilities

By suidpit & thezero

18/04/2024

Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers

A writeup about two intent-based Android vulnerabilities CVE-2024-26131 and CVE-2024-26132 in Element (Matrix).

Read more

android CVE writeup

15

Min

CVE-2023-39238 - Asus Router Format String RCE

By thezero & suidpit

30/01/2024

Hunting for Unauthenticated n-days in Asus Routers

Notes on patch diffing, reverse engineering and exploiting CVE-2023-39238, CVE-2023-39239, and CVE-2023-39240.

Read more

RCE NDay CVE Exploit Writeup

12

Min

CVE-2023-33466 - Orthanc RCE

By suidpit

24/10/2023

CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files

A recently disclosed CVE for the Orthanc DICOM server can be used to obtain Remote Code Execution. As a PoC was not available, we wrote one.

Read more

RCE File Upload Exploit Writeup

8

Min