-
[2026-02-04] | OS: Linux | Category: Web
Git Exposed, PHP Object Injection in Yii2 Framework to achieve RCE and Command Injection via cron binary reading from world-writable config file (privesc).
-
[2025-02-23] | OS: Linux | Category: Web
Git Exposed, JWT modification, Command Injection with bypass, WordPress user create via PHP script using wp-load.php and RCE in WordPress by modifying the themes functions.php file.
-
[2025-02-26] | OS: Linux | Category: Web
Bypass Verification with SQL Injection, Code Review to get RCE and Reverse Engineering to get root via Path Hijacking (privesc).
-
[2025-01-30] | OS: Linux | Category: Web
Broken Access Control, Path Traversal, Reverse Malware Engineering to get RCE and Sudo Exec Permission via smbclient (privesc)
-
[2025-01-16] | OS: Linux | Category: Web
LFI via PHP, change user to UHC using Prototype Pollution and File with Sudo Exec Permission via Node (privesc).
-
[2024-12-26] | OS: Linux | Category: Web
Default Password, Type Juggling via Cookies, Insecure Desserialization in PHP with RFI and File with Sudo Exec Permission via Format String Python (privesc).
-
[2024-12-11] | OS: Linux | Category: Web
Git Exposed, Type Juggling, LFI and Cron Binary run-parts (/usr/local/sbin).
-
[2024-12-01] | OS: Linux | Category: Web
SQL Injection, Hash Crack, Command Injection, Bash SUID and Docker Breakout/Escape.
-
[2024-11-15] | OS: Linux | Category: Web
Union-based SQL injection, PHP webshell upload via SQLi, and cron job misconfiguration for privesc.
-
[2024-10-20] | OS: Linux | Category: Web
LFI, log poisoning via User-Agent injection, and Linux capabilities exploitation.