Posts
I Hacked the Scoring Platform Used by Every Major Archery Federation
The scoring platform behind 100k+ competitive archers, 3 national federations, Lancaster Archery, and Easton Foundations. Public .git/, leaked Authorize.Net production credentials, and an unauthenticated scoring API.
Your Regex Won't Save You: XSS in 58k-Star Astro's define:vars
Astro's case-sensitive regex sanitizer is bypassed by case-insensitive HTML parsing. XSS on SSR pages passing user input to define:vars on inline scripts.
Logging Into Any Parse Server Account With Someone Else's Token
A high-severity authentication bypass in Parse Server allows login to any account by sending partial authData that skips provider validation entirely.
Breaking a 5G Core Network From the Inside
Four vulnerabilities in Ella Networks Core, an open-source private 5G network. Privilege escalation, control plane deadlock, and crafted radio messages that crash the core.
Popping a Shell on Any AVideo Server — No Login Required
A four-stage attack chain turns an unauthenticated API call into full remote code execution. CVSS 10.0.
Your Query Builder Won't Save You: SQL Injection in Kysely
SQL injection in a type-safe TypeScript query builder with 10k+ stars. The tool designed to prevent injection was itself injectable.
Running Commands on 27k-Star Glances by Naming a Process
Seven CVEs in Glances. The headline bug: execute commands as root by creating a process with pipe characters in its name.
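The define:vars entry above names a bug class worth seeing in miniature: a regex that blocks `</script` only in lowercase, while the HTML tokenizer that actually decides where the script element ends is case-insensitive. The block below is an added illustration, not Astro's code or a reproduction of its sanitizer; `naiveEscape`, `safeEscape`, `render` and `tokenizeScript` are hypothetical names, and the payloads are constructed.

```javascript
// Added illustration of the bug class (hypothetical code, not Astro's):
// a sanitizer that defuses "</script" only in lowercase, checked against a
// model of how an HTML tokenizer actually ends a <script> element.

// Hypothetical naive sanitizer: serializes a value for an inline script and
// neutralizes the lowercase closing tag only. JSON.stringify alone is not
// enough, because the HTML tokenizer does not know it is inside a JS string.
function naiveEscape(value) {
  return JSON.stringify(value).replace(/<\/script/g, "<\\/script");
}

// Hardened version: escape every "<" as \u003c, which is valid in both JSON
// and JS string literals, so no casing of </script> (or a stray <!--) can
// reach the HTML tokenizer at all. Casing becomes irrelevant.
function safeEscape(value) {
  return JSON.stringify(value).replace(/</g, "\\u003c");
}

// Server-side template: user input lands inside an inline script.
function render(escapeFn, userInput) {
  return `<script>const x = ${escapeFn(userInput)};</script>`;
}

// Minimal model of the tokenizer's "script data" state: the element ends at
// the first "</script" in ANY case, regardless of the JavaScript around it.
// Returns the script body and whatever the tokenizer sees after it.
function tokenizeScript(html) {
  const open = html.indexOf("<script>") + "<script>".length;
  const rest = html.slice(open);
  const m = /<\/script/i.exec(rest);
  if (!m) return { script: rest, trailing: "" };
  return { script: rest.slice(0, m.index), trailing: rest.slice(m.index) };
}

// True when the input closed the script early: markup after that point is
// parsed as HTML instead of staying inside the JS string literal.
function breaksOut(escapeFn, userInput) {
  const { trailing } = tokenizeScript(render(escapeFn, userInput));
  return trailing !== "</script>";
}

// Constructed payloads: identical except for the case of the closing tag.
const LOWER = "</script><img src=x onerror=alert(1)>";
const UPPER = "</SCRIPT><img src=x onerror=alert(1)>";

// Demo when run directly with Node (CommonJS).
if (typeof require !== "undefined" && require.main === module) {
  for (const p of [LOWER, UPPER]) {
    console.log(
      JSON.stringify(p),
      "naive breaks out:", breaksOut(naiveEscape, p),
      "safe breaks out:", breaksOut(safeEscape, p)
    );
  }
}
```

The naive regex passes its own obvious test case (lowercase `</script>`) and fails the uppercase one; the fix is not a case-insensitive regex but removing `<` from the serialized value entirely, which is what JSON-in-script serializers do. `JSON.parse(safeEscape(v))` still round-trips to `v`, so nothing is lost on the way back.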