-
The hell of OGNL injection revisited
OGNL stands for Object-Graph Navigation Language, and it’s a widely used expression language in the Java web world. Its main ability is to provide advanced functionality for web template rendering, especially in the Struts 2 framework and Atlassian WebWork.
-
Analysis and exploitation of 2019-10068, a Remote Command Execution in Kentico CMS <= 12.04
During a Red Team assessment, it’s important to be able to investigate and successfully exploit public but undisclosed bugs. In this case, I’m going to explain the methodology for analyzing and exploiting an undisclosed bug in Kentico CMS, a .NET-based enterprise CMS. Let’s go!
-
[CTF Write-up] Midnightsun CTF Finals Marcololo (web. mid)
This weekend, Midnightsun CTF Finals took place, a really funny CTF in Stockholm, a lovely place to visit.
-
[CTF Write-up] Midnightsun CTF Quals- Cloudb (web. hard)
This weekend, my mates of ID-10-T Team and I decided to play the Midnightsun CTF. We had gone a long time without playing CTFs, so it was nice to meet again and solve some challenges.
-
[CTF Write-up] Midnightsun CTF Quals- Bigspin (web. mid)
This weekend, my mates of ID-10-T Team and I decided to play the Midnightsun CTF. We had gone a long time without playing CTFs, so it was nice to meet again and solve some challenges.