Last weekend, I had the time to play the BalCCon2k20 CTF
[https://ctftime.org/event/1100] and since there are no writeups for the last
two web challenges yet, I
I was browsing wpvulndb.com when I stumbled upon the InfiniteWP Client authentication bypass. Being curios, I wanted to reverse engineer the unpublished PoC. Here's my (short) journey.
This is my quick & dirty write up for the X-MAS CTF Roboworld challenge.
The description is as follows:
A friend of mine told me about this website where I
I recently came across the following Apache vulnerability
potential open redirect (CVE-2019-10098)", but I couldn't find
A couple of days Wordpress released 5.2.4 with a few security patches. Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts. caught