Search for a command to run...
Series
We are the breach before the real breach.
I. Introduction Disclaimer: This blog does not cover bypassing BShield. It is simply a summary of how I used AI as a tool to assist with analysis, debugging, environment setup, and attempting to rever
I. CVE-2025-24799 Tổng quan CVE-2025-24799 là lỗ hổng SQL Injection trước xác thực (Pre-auth SQLi) trong GLPI (phiên bản ≤ 10.0.17), nằm trong tính năng “Inventory”. Lỗi xuất phát từ việc xử lý sai
Bài viết sẽ trình bày cách mà mình tìm ra lỗi, nguyên nhân, kĩ thuật khai thác cũng như cách khắc phục lỗi XXE trong thư viện này.
In this article, I share my experience discovering a stored XSS vulnerability in Manage Engine OpManager and the creative approach taken to escalate its severity to achieve remote code execution (RCE). The vulnerability stems from inconsistencies in ...
![[ZVE-2025-3566] Stored XSS to RCE in Manage Engine OpManager](/_next/image?url=https%3A%2F%2Fcdn.hashnode.com%2Fres%2Fhashnode%2Fimage%2Fupload%2Fv1753930975579%2Fb835c2ae-2b5b-425e-9210-09bb506d46c1.png&w=3840&q=75)
ManageEngine Exchange Reporter Plus is a web-based tool for managing and monitoring Exchange Server and Exchange Online environments. It offers over 450 built-in reports on mailboxes, email traffic, user activity, and permissions. The tool supports r...
In recent years, AI and Generative AI have made significant advancements, but their practical use in the field of Penetration Testing is still met with doubt. In this article, we’ll share how we used Generative AI to automate the process of handling ...
