49 POSTS
DATE  CAT  TITLE  TARGET  CVSS
2022 · 4
26-04  POST  VestaCP Multiple Vulnerabilities  VestaCP  7.8
15-02  EXPLOIT  CVE-2022-24977 - ImpressCMS path traversal to pre-auth RCE  ImpressCMS  9.8
15-02  CVE  CVE-2022-24977 - ImpressCMS path traversal to pre-auth RCE  ImpressCMS  9.8
12-02  POST  impressCMS - unauthenticated code execution  ImpressCMS  9.8
2021 · 16
07-12  CVE  CVE-2020-36474 - Vanilla SSRF  Vanilla  9.8
05-12  POST  HITCON CTF 2021 Metamon-Verse Writeup  HitconCTF 2021  —
23-11  POST  Moodle Blind SQL injection via MNet authentication  Moodle  7.2
22-10  POST  Moodle - Stored XSS and blind SSRF possible via feedback answer text  Moodle  6.1
20-08  POST  Vanilla - SSRF via media scrape API through dns rebinding  Vanilla  9.8
09-08  POST  Roxy-WI through 5.2.2.0 pre-auth RCE  Roxy-wi  9.8
07-08  CVE  CVE-2021-38169 - Roxy-WI through 5.2.2.0 allows authenticated cmd Injection  Roxy-WI  8.8
07-08  CVE  CVE-2021-38168 - Roxy-WI through 5.2.2.0 allows authenticated SQL injection  Roxy-WI  8.8
07-08  CVE  CVE-2021-38167 - Roxy-WI through 5.2.2.0 allows unauthenticated SQL Injection  Roxy-WI  9.8
22-07  CVE  CVE-2021-36396 - Moodle Blind SSRF possible against cURL blocked hosts  Moodle  7.5
17-05  CVE  CVE-2021-32474 - Moodle Blind SQL injection via MNet authentication  Moodle  7.2
17-05  EXPLOIT  3kCTF-2021 - babyrtos exploit  3kCTF 2021  —
17-05  EXPLOIT  3kCTF-2021 - telnet exploit  3kCTF 2021  —
17-05  POST  3kCTF-2021 - ppaste writeup  3kCTF 2021  —
16-03  CVE  CVE-2021-20280 - Moodle Stored XSS and blind SSRF via feedback answer text  Moodle  5.4
11-01  POST  h1CTF - HackyHolidays walkthrough  H1-CTF  —
CONTACT
rekter0
PROFESSIONAL SLOPPER
Application security research, vulnerability disclosure, and the occasional pre-auth RCE chain.
28 CVE 7 EXPLOIT 14 POST