Vulnerability Research
A stored cross-site scripting (XSS) vulnerability exists in Decap CMS up to version 3.8.3. The issue affects multiple input fields in the admin interface and is triggered when a privileged user opens the content preview panel of a malicious entry. Vulnerability Summary * CVE ID: CVE-2025-57520 * Type: Stored Cross-Site
Vulnerability Research
SQL Authentication Bypass in Fikir Odaları AdminPando Summary Field Value CVE IDCVE-2025-10878 ProductFikir Odaları AdminPando VendorOmran İnşaat A.Ş. Vulnerable URLhttps://www.omran.com.tr/admin/logIn.php Affected Versionv1.0.1 (and possibly earlier) Vulnerability TypeCWE-89: SQL Injection CVSS v3.1 Score10.0 (Critical) CVSS VectorAV:N/AC:L/
Add ip to /etc/hosts file ,so don't need to memorize every time. ICMP ping the target: ping nibbles.htb It’s alive I passed port scan at this time and simply access port 80: Begin with fuzzing: Nothing interesting on any tool: ffuf -w /usr/share/wordlists/
CTF Writeups
Add machine ip to /etc/hosts Check whether target is alive or not. ping vortex.htb Begin with fast port scan: nmap -p- --min-rate 5000 -T4 vortex.htb No results obtained: Forgot -Pn flag. Added it: nmap -p- --min-rate 5000 -T4 -Pn vortex.htb It took a lot time to
Add ip address of the target machine to /etc/hosts nano /etc/hosts Continue with port scan: nmap -sC -sV -p- --min-rate 10000 Just because not to make overkill NSE script scans, I simply use default scripts, service discovery and full scope scan with 10000 rate. Most probably running on
AI Security
Hi folks, hope you are all doing great. Today, I would like to tackle BankGPT from the TryHackMe platform. Actually, it was my shortest article on Medium. Enjoy :) In order to understand the context embedded (whether model is context aware or not ) I pushed some mock up questions regarding to