iOS 16.7.8 Jailbreak on iPhone X
If you're a pentester or bug bounty hunter that is trying to do some iOS mobile application testing, half the battle is getting a phone properly jailbroken so you can proxy HTTP…
If you're a pentester or bug bounty hunter that is trying to do some iOS mobile application testing, half the battle is getting a phone properly jailbroken so you can proxy HTTP…
Note: disregard any layout/content/formatting errors as this post was migrated from wordpress to jekyll As mentioned in a previous post, I was the July RotM for the DoD VDP…
I was recently awarded the DoD Researcher of the Month for July, 2023 . Between moving across the country and other hacking duties, I still had time to hammer away at a particular…
PyMedusa is a well known video library manager that many of us self hosted types may use to organize our libraries. I decided to give it a spin one day and found a classic OS…
I found a textbook SQLi in the Eufy Security application. Don't mind the heavy use of red blocks to redact. The first, normal request. Everything looks fine. Notice the response…
Organizr is a self hosted application written in PHP that basically helps you self host other services at your home. It's nifty application with a surprisingly large amount of…
I updated this post to add in prowlarr support. But here is the updated docker compose.yml. version: '3.8' services: pms docker: container name: plex network mode: host hostname:…
I've continued my quest to translate exploits into Golang. Here is an RCE in Webmin due to broken access controls. Please see the following links for more information.…
These were given CVE 2022 43263 and CVE 2022 43264. I found these vulnerabilities in the latest version of Guitar Pro (1.10.2) on the iPad and iPhone. Neither one is that great of…
I was doing a security review of CrushFTP , a multi platform FTP application, and I came across a DoS stemming from lack of validation of user input. Originally, I thought there…