Spip Preauth RCE 2024: Part 2, A Big Upload Hello dear reader,This article is the continuation of my Spip research, with a twist!One S... 2024-9-4 08:0:0 | 阅读: 2 | 收藏 | Think Love Share - thinkloveshare.com bigup php spip formulaire fichiers

Spip Preauth RCE 2024: Part 1, The Feather Hi dear Sir, Madam. Please be informed that this is the third article dedicated to Spip 0-day... 2024-8-16 08:0:0 | 阅读: 2 | 收藏 | Think Love Share - thinkloveshare.com php spip modeles typo texte

Maarch Courrier 21.03, 2nd order cmd injecton to RCE IntroductionThis training session was focused on white-box code review and runtime intros... 2023-7-16 08:0:0 | 阅读: 2 | 收藏 | Think Love Share - thinkloveshare.com isavailable onlyoffice php withjson withstatus

Kong & Konga Exploitation & Hardening What is kong & why we’re relying on itIf you’re an occasional reader of the manomano-tech M... 2023-5-10 08:0:0 | 阅读: 6 | 收藏 | Think Love Share - thinkloveshare.com kong konga lua github security

Php-Internalog, Introspection Applied to 0day Research This article is the transcript of a talk (FR) @Groumpf_ and I gave for the RumpARennes and Gr... 2022-11-18 08:0:0 | 阅读: 0 | 收藏 | Think Love Share - thinkloveshare.com php groumpf python

Pre-Auth Remote Code Execution - Web Page Test As I joined ManoMano early in April 2022 (and due to the coordinated vulnerability disclosure... 2022-9-23 08:0:0 | 阅读: 2 | 收藏 | Think Love Share - thinkloveshare.com php testinfo ssrf jpeginfo wpt

RCE on Spip and Root-Me, v2! Hello there,This is the second article dedicated to Spip 0-day research, if you haven’t read... 2022-8-16 08:0:0 | 阅读: 5 | 收藏 | Think Love Share - thinkloveshare.com php spip payload ical mediabox

1001 ways to PWN prod - A tale of 60 RCE in 60 minutes This article is the transcript of a talk (FR) I gave for the HitchHack in May 2022, kudos for... 2022-7-14 08:0:0 | 阅读: 0 | 收藏 | Think Love Share - thinkloveshare.com php ssrf payload injection ssh

pty4all - The shells you deserve This article is the transcript of a talk (FR) I gave at the opening of the CTF platform TheBl... 2022-1-29 08:0:0 | 阅读: 3 | 收藏 | Think Love Share - thinkloveshare.com socat tcp4 butzel remote attacker

Failed02 Pulse Secure VPN and Guacamole WebSocket Hooking Second article of the Failed series!We often read articles or research that explain how to... 2021-12-18 08:0:0 | 阅读: 2 | 收藏 | Think Love Share - thinkloveshare.com realm guacamole puppeteer

RCE with SSRF and File Write as an exploit chain on Apache Guacamole While doing research on various topics, I stood upon Guacamole, a software that can be used a... 2021-11-20 08:0:0 | 阅读: 0 | 收藏 | Think Love Share - thinkloveshare.com guacamole guacd ssrf loopback ssh

Get shells with JET, the Jolokia Exploitation Toolkit TL;DR: I’m finally releasing JET, a Jolokia Exploitation Toolkit! To introduct this tool &... 2021-10-29 08:0:0 | 阅读: 6 | 收藏 | Think Love Share - thinkloveshare.com jolokia dummy jfr catalina

Failed01 - DOS to RCE in jolokia First article of a new series! Exciting isn’t it?We often read articles or research that ex... 2021-10-3 08:0:0 | 阅读: 7 | 收藏 | Think Love Share - thinkloveshare.com jolokia writeable djava bodsch

Salut, ca va ? Salut ! Ca va ?Ca va ! Et toi ?Ca va !What a useless proloque, right? Riiight?Well, not... 2021-9-24 08:0:0 | 阅读: 2 | 收藏 | Think Love Share - thinkloveshare.com useless client salut secondly riiight

SSRF to RCE with Jolokia and MBeans Okey, here’s a funny one I’ve been given to exploit recently.The cause of this bug is simpl... 2021-2-28 08:0:0 | 阅读: 9 | 收藏 | Think Love Share - thinkloveshare.com jolokia tat php arg1 arg2

RCE on Spip and Root-Me Hi there, This article is about Spip, root-me.org, XSS, SQLi, and Remote Code Execution. Ev... 2020-9-29 08:0:0 | 阅读: 0 | 收藏 | Think Love Share - thinkloveshare.com php ecrire spip 4494 lien

A Helping Hand From time to time, I help friends to troubleshoot issues. Coding, system administration, hack... 2020-5-3 08:0:0 | 阅读: 0 | 收藏 | Think Love Share - thinkloveshare.com helpee ssh ngrok tmux minos

Reverse XSShell While auditing a website, I found out they were using websockets to transmit data. I didn’t... 2020-2-22 08:0:0 | 阅读: 1 | 收藏 | Think Love Share - thinkloveshare.com reverse asyncio websockets payload xsshell

Infosec made easy Cross Site Scripting (XSS)Quand quelqu’un t’envoie un message mais qu’en fait ce message co... 2020-2-3 08:0:0 | 阅读: 1 | 收藏 | Think Love Share - thinkloveshare.com tu est une des pour

Wordpress Subpath Auditor About a month ago, I had to audit a wordpress website. As it was one of my first real-life pe... 2020-1-25 08:0:0 | 阅读: 1 | 收藏 | Think Love Share - thinkloveshare.com wordpress proxy auditor crawler cough