Research Worth Reading Week 28/2025

Published: 14 Jul 2025

A spicy week with double Sam Curry!

🔐 Exploiting an ORM Injection to Steal Cryptocurrency from an Online Shooter

A great example of ORM-injection/leak exploitation: https://blog.p1.gs/writeup/2025/07/06/Hacking-a-crypto-game/

💣 Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257)

Another great write-up from WatchTowr, this time on a SQL injection to RCE in FortiWeb’s Fabric Connector: https://labs.watchtowr.com/pre-auth-sql-injection-to-rce-fortinet-fortiweb-fabric-connector-cve-2025-25257/

🪟 Abusing Windows, .NET Quirks, and Unicode Normalization to Exploit DNN (DotNetNuke)

The Assetnote team is back at it with another great find—especially worth reading if you’re into C# code review: https://slcyber.io/assetnote-security-research-center/abusing-windows-net-quirks-and-unicode-normalization-to-exploit-dnn-dotnetnuke/

🍔 Would You Like an IDOR with That? Leaking 64 million McDonald’s Job Applications

You’ve probably already come across this one, but just in case: https://ian.sh/mcdonalds

📚 Why XSS Persists in This Frameworks Era?

A well-written and detailed analysis of why we still have XSS: https://flatt.tech/research/posts/why-xss-persists-in-this-frameworks-era/

Written by PentesterLab
The platform to learn web hacking and security code review