Penetration Testing
CVE-2025-60511: IDOR
Insecure direct object reference in Moodle's OpenAI Chat Block plugin exposing unauthorized access to chat data. Full exploitation walkthrough and CVE details.
Penetration Testing
Insecure direct object reference in Moodle's OpenAI Chat Block plugin exposing unauthorized access to chat data. Full exploitation walkthrough and CVE details.
Penetration Testing
Stored XSS in Moodle PDF Annotator plugin v1.5 release 9 through malicious annotation content. Technical analysis and responsible disclosure details.
Vulnerability Research
Stored XSS vulnerability in Decap CMS versions up to 3.8.3 allowing script injection through content fields. Includes PoC and remediation steps.
HackTheBox
Nibbleblog CMS arbitrary file upload vulnerability for initial shell, then root access through sudo misconfiguration on Linux.
CTF Writeups
Joomla information disclosure (CVE-2023-23752) leaking database credentials, then privilege escalation to root via apport-cli on Linux.
HackTheBox
IIS file upload bypass via web.config for initial shell on Windows, then SYSTEM access using the Chimichurri (MS10-059) kernel exploit.