Busy week! It seems like everyone is wrapping up their research for the year and sharing it with the world! 🌟
🛠️ Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection
If you can only read one article this week, make it this one! A well-written and highly detailed walkthrough on a truncated collision to gain command execution. Truly worth your time!
🔥 Remote Code Execution with Spring Boot 3.4.0 Properties
From file write to RCE, again! After last week's article from Steven Seeley, Elliot Ward has published two new methods to achieve the same result in the article Remote Code Execution with Spring Boot 3.4.0 Properties.
💎 Gem::SafeMarshal Escape
Another fantastic article from Luke on Gem::SafeMarshal escape. A must-read for Ruby enthusiasts!
🔍 CSPT the Eval Villain Way!
A comprehensive walkthrough on how to use and leverage Eval Villain to discover and exploit Client-Side Path Traversal. Don't miss it!
🌟 Shiny Vulnerabilities in R's Most Popular Web Framework
R code review, anyone? Check out this insightful article from Luke: Shiny Vulnerabilities in R's Most Popular Web Framework.
👾 XS-Leaks through Speculation Rules
An excellent CTF write-up on leveraging speculation rules to exploit XS-Leaks. A great read for enthusiasts!
🛡️ Bypassing WAFs with the Phantom $Version Cookie
An intriguing article from PortSwigger Research on leveraging parsing differences in cookies to bypass WAFs: Bypassing WAFs with the phantom $Version cookie.
