LATEST
Code Review Apr 21, 2026 Easy
Code Review: Insecure Direct Object Reference — Accessing Any User's Data
A profile endpoint that fetched user data by ID from the request parameter — with no ownership check — allowed any authenticated user to read any other user's private information.
idor, broken-access-control, nodejs, code-review, web
Code Review Apr 20, 2026 Medium
Code Review: Server-Side Request Forgery via Unvalidated URL Fetch
A webhook testing feature that fetched user-supplied URLs with no validation allowed an attacker to proxy requests through the server — reaching internal services, cloud metadata endpoints, and sensitive infrastructure.
ssrf, nodejs, webhook, cloud, code-review
Code Review Apr 02, 2026 Medium
Code Review: CDN Cache Poisoning Leading to Sensitive Data Exposure
A custom CDN middleware implementation with a flawed caching strategy allowed any unauthenticated user to poison the cache and retrieve sensitive account data belonging to other users.
cache-poisoning, information-disclosure, javascript, nodejs, code-review
Code Review Mar 22, 2026 Medium
Code Review: SQL Injection via Unsanitized Query Construction
A login form built with raw string concatenation instead of parameterized queries allowed complete authentication bypass and full database extraction — one of the most exploited vulnerabilities in real-world penetration testing.
sqli, sql-injection, php, mysql, authentication-bypass, code-review
Code Review Mar 14, 2026 Medium
Code Review: Local File Inclusion via Unsanitized User Input
A PHP file inclusion pattern with zero input validation allowed an attacker to read arbitrary files from the server filesystem — including sensitive configuration files and system credentials.
lfi, php, file-inclusion, code-review, path-traversal
Privilege Escalation Feb 05, 2026 Easy
SUID php7.4 — From www-data to Root in One Command
During a lab exercise I landed a shell as www-data. A quick SUID enumeration revealed php7.4 with the SUID bit set. Here's how I went from a low-privilege web shell to full root access.
suid, php, privilege-escalation, linux, gtfobins
Web Application Jan 14, 2026 Medium
From a Leaky Debug Error to Full Local File Read
What started as a weird error message in a file download API turned into reading /etc/passwd off a production server. Here's the full story.
lfi, file-read, api, debug, burpsuite
Network Jan 09, 2026 Easy
Talking Directly to a Printer: PJL Enumeration on Port 9100
During a network pentest I found port 9100 open on an internal host. Turned out to be an HP LaserJet MFP. Here's how I enumerated it using raw PJL commands and what it exposed.
pjl, printer, network, enumeration, port-9100
Code Review Nov 18, 2025 Hard
Code Review: Prototype Pollution via Unsafe Object Merge
A custom deep merge utility passed user-controlled input directly into object property assignment — allowing an attacker to pollute JavaScript's Object prototype and escalate to remote code execution.
prototype-pollution, javascript, nodejs, rce, code-review
Web Application Nov 14, 2025 Hard
Java Deserialization RCE via Excel Import — NT AUTHORITY\SYSTEM
An Import/Export feature accepting XML files led to a Java deserialization vulnerability. By crafting a malicious XML payload using ProcessBuilder, I achieved remote code execution as NT AUTHORITY\SYSTEM.
deserialization, rce, java, xml, burpsuite, collaborator
Web Application Jun 23, 2025 Medium
XXE Injection to Arbitrary File Read — From a Product Search API
A product search endpoint that accepted XML input had no entity processing restrictions. By injecting a malicious external entity, I read internal server files on both Linux and Windows targets.
xxe, xml, file-read, burpsuite, web
Web Application Jun 17, 2025 Medium
TCL Injection to RCE — When the Admin Console Becomes a Shell
An administrative console exposed a TCL script execution interface with no input sanitization. What was designed for internal diagnostics became a direct path to remote code execution as NT AUTHORITY\SYSTEM.
rce, tcl-injection, command-injection, web, admin-console