Hiding Payloads in Linux Extended File Attributes

This week, it’s SANSFIRE[1]! I’m attending the FOR577[2] training (“Linux Incident Response & Threat Hunting”). On day 2, we covered the different filesystems and how data is organized on disk. In the Linux ecosystem, most filesystems (ext3, ext4, xfs, …) support “extended file attributes”, also called “xattr”. It’s a file system feature that enables users to…


WP Publications WordPress Plugin 1.2 – Stored XSS

# Exploit Title: WP Publications WordPress Plugin 1.2 – Stored XSS
# Google Dork: inurl:/wp-content/plugins/wp-publications/
# Date: 2025-07-15
# Exploit Author: Zeynalxan Quliyev
# Vendor Homepage: https://wordpress.org/plugins/wp-publications/
# Software Link: https://downloads.wordpress.org/plugin/wp-publications.1.2.zip
# Version: <= 1.2
# Tested on: WordPress 6.5.3 / Linux (Apache)
# CVE: CVE-2024-11605

## Vulnerability Details

The WP Publications plugin…


NodeJS 24.x – Path Traversal

# Exploit Title : NodeJS 24.x – Path Traversal
# Exploit Author : Abdualhadi khalifa
# CVE : CVE-2025-27210

import argparse
import requests
import urllib.parse
import json
import sys

def exploit_path_traversal_precise(target_url: str, target_file: str, method: str) -> dict:
    traverse_sequence = "..\\" * 6
    normalized_target_file = target_file.replace("C:", "").lstrip("\\/")
    malicious_path = f"{traverse_sequence}AUX\\..\\{normalized_target_file}"
    …


Microsoft Brokering File System Windows 11 Version 22H2 – Elevation of Privilege

# Titles: Microsoft Brokering File System Windows 11 Version 22H2 – Elevation of Privilege
# Author: nu11secur1ty
# Date: 07/09/2025
# Vendor: Microsoft
# Software: https://www.microsoft.com/en-us/windows/windows-11?r=1
# Reference: https://portswigger.net/web-security/access-control
# CVE-2025-49677

## Description

This Proof of Concept (PoC) demonstrates an interactive SYSTEM shell exploit for CVE-2025-49677. It leverages scheduled tasks and a looping batch…


Oracle Critical Patch Update, July 2025 Security Update Review

Oracle released the second quarterly edition of this year’s Critical Patch Update. The update contains patches for 309 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products. In this quarterly Oracle Critical Patch Update, Oracle…


More Free File Sharing Services Abuse

A few months ago, I wrote a diary about online services used to exfiltrate data[1]. In this diary, I mentioned some well-known services. One of them was catbox.moe[2]. Recently, I found a sample that was trying to download some payload from this website. I did some quick research and collected more samples! I collected (and…


PivotX 3.0.0 RC3 – Remote Code Execution (RCE)

# Exploit Title: PivotX v3.0.0 RC3 – Stored XSS to Remote Code Execution (RCE)
# Date: July 2025
# Exploit Author: HayToN
# Vendor Homepage: https://github.com/pivotx
# Software Link: https://github.com/pivotx/PivotX
# Version: 3.0.0 RC3
# Tested on: Debian 11, PHP 7.4
# CVE : CVE-2025-52367

## Vulnerability Type: Stored Cross-Site Scripting (XSS) in the…
