Back
Blog
- QQPlayer 3.9 Heap Overflow: Matroska Exploitation
Analysis of a heap overflow vulnerability in QQPlayer 3.9 discovered through WinAFL fuzzing of .webm files, exploiting Matroska container parsing flaws.
- VLC 2.2.6 Stack Overflow: ActiveX Plugin Exploitation
Analysis of a stack overflow vulnerability in VLC Media Player 2.2.6 discovered through .vob file fuzzing, exploitable via Internet Explorer ActiveX plugin.
- Mercury Browser Intent Hijacking: Android File Manager RCE
Critical intent hijacking vulnerability in Mercury Browser for Android enabling arbitrary file upload and code execution through file manager abuse.
- Audacious 3.8/3.9 Stack Overflow: Deep Dive Analysis
In-depth analysis of a critical stack overflow vulnerability in Audacious Player, discovered through fuzzing .aac files with advanced exploitation techniques.
- WIX Premium Zone Bypass: API Security Vulnerability
Analysis of a critical WIX.com premium zone authentication bypass allowing unauthorized access to protected content via API enumeration.
- Frameshock Framework: Modular Penetration Testing
Deep dive into Frameshock, a modular penetration testing framework with Shodan integration, multi-target management, and advanced payloads.
- License Plate OSINT: Argentina Vehicle Registry
How I reverse-engineered Argentina's license plate system to track down a hit-and-run driver using client-side JavaScript vulnerabilities.
- Shellshock QMAIL Exploitation: SMTP Injection Attack
Advanced exploitation of CVE-2014-6271 (Shellshock) through QMAIL SMTP servers via MAIL FROM header injection for remote code execution.
Get free template