By thezero & suidpit
30/01/2024
Hunting for Unauthenticated n-days in Asus Routers
Notes on patch diffing, reverse engineering and exploiting CVE-2023-39238, CVE-2023-39239, and CVE-2023-39240.
RCE NDay CVE Exploit Writeup
12
Min
By suidpit
24/10/2023
CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files
A recently disclosed CVE for the Orthanc DICOM server can be used to obtain Remote Code Execution. As a PoC was not available, we wrote one.
RCE File Upload Exploit Writeup
8
By thezero & zi0black
24/10/2019
Don’t open that XML: XXE to RCE in XML plugins for VS Code, Eclipse, Theia, …
The LSP4XML library used by many IDE and editors was affected by an XXE which lead to RCE exploitable by just opening an XML file.
RCE XXE Exploit Writeup
6
By thezero
19/10/2019
Exploiting an old noVNC XSS (CVE-2017-18635) in OpenStack
OpenStack was using an old version of noVNC affected by a DOM-based XSS that allowed attackers to steal VM tokens and take over VMs.
XSS Exploit Writeup
4
04/02/2019
FridaLab – Writeup
Writeup for the FridaLab challenge with a basic introduction to the Frida toolkit on Android.
CTF Tutorial Writeup Android Frida
3