14 matches found
human-connection-ctf
Human Connection Challenge: CTF Writeup Platform: Immersi...
When prompts become shells: RCE vulnerabilities in AI agent frameworks
In this article 1. A representative case study: Semantic Kernel 2. CVE-2026-26030: In-Memory Vector Store 3. CVE-2026-25592: Arbitrary file write through SessionsPythonPlugin 4. The vulnerability 5. Attack chain overview 6. Defending the agentic edge 7. Not bugs, but developed by design 8. CTF...
Exploit for SQL Injection in Djangoproject Django
CTF Challenge: Django ORM Injection CVE-2025-64459 Catego...
Malicious code in ctf-q21-empire-tmp-test123 (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Exploit for CVE-2024-53900
CTF Challenge - Mongoose RCE CVE-2024-53900 Challenge Overvie...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
CVE-2020-9484 with interactive mode and args Designed speci...
The Big IAM Challenge: Test Your Cloud Security Skills
Put yourself to the test with our unique CTF challenge and boost your AWS IAM knowledge. Do you have what it takes to win The Big IAM Challenge?...
The return of the Malwarebytes CrackMe
This blog post was authored by Hasherezade Update: Malwarebytes Crackme : we already have the winners in the category "the fastest solve", congratulations! 1st: @nazywam 2nd: Suvaditya Sur @x0r19x91 3rd:@evandrix But we are still waiting for your submissions! -- Malwarebytes Threat Intelligence...
MyBB 未授权RCE漏洞(CVE-2021-27889 CVE-2021-27890)
MyBB Remote Code Execution Chain BY SIMON SCANNELL & CARL SMITH Today SonarSource is pleased to share with you a guest contribution to our Code Security blog series. The following blog post is authored by Simon Scannell and Carl Smith -two independent security researchers- joining us in sharing...
Sploit - Go Package That Aids In Binary Analysis And Exploitation
Sploit is a Go package that aids in binary analysis and exploitation. The motivating factor behind the development of sploit is to be able to have a well designed API with functionality that rivals some of the more common Python exploit development frameworks while taking advantage of the Go...
CVE-2020-5290 session fixation in rCTF
In RedpwnCTF before version 2.3, there is a session fixation vulnerability in exploitable through the token=$ssid hash when making a request to the /verify endpoint. An attacker team could potentially steal flags by, for example, exploiting a stored XSS payload in a CTF challenge so that victim...
50m-ctf: Writeup
h1 50M CTF =========== This is my solution for the h1 ctf. On the 27th of february h1 posted this tweet: Since there is no link no any sort of challenge I supposed the challenges is self contained inside this tweet. My guess was the first clue is inside the embeded picture, and since the second o...
50m-ctf: $50 million CTF Writeup
Summary: For a brief overview of the challenge you can take a look at the following image: F451370 Below I will detail each step that I took to solve the CTF, moreover all the bad assumptions that led me to a dead end in some cases. Twitter The CTF begins with this tweet: F451371 What is this...
DLINK DCS-5020L - Remote Code Execution (PoC)
DLINK DCS-5020L - Remote Code Execution PoC “The DCS-5020L Wireless N Day & Night Pan/Tilt Cloud Camera is a day/night network camera that easily connects to your existing home network for remote viewing on a range of mobile devices. It features pan, tilt and digital zoom function to allow you to...