9.5.2

October 2, 2025

Discover another location where ERPNext uses the render function to execute user-provided code.

9. ERPNext Authentication Bypass and Server Side Template Injection

October 2, 2025

+ Render a static file dynamically based on the context of the request and user.

802.11 Options

October 2, 2025

* [Capturing WPA2-PSK Handshakes](Wireless#Capturing-WPA2-PSK-Handshakes)

8. DotNetNuke Cookie Deserialization RCE

October 2, 2025

*.NET deserialization vulnerability in the XMLSerializer Class*

7.5

October 2, 2025

The student user home directory contains a sub-directory named bassmaster_extramile. In this directory we slightly modified the Bassmaster original code to harden the exploitation of the vulnerabil...

6.8.2 (Incomplete)

October 2, 2025

Use the SQL injection we discovered in this module to create a large object and retrieve the assigned LOID without the use of blind injection. Adapt your final proof of concept accordingly in order...

« Prev 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 Next »