This month an arbitrary code execution in Apache Commons Text was reported by Álvaro Muñoz. The vulnerability exists in the StringSubstitutor interpolator object in Apache Commons Text versions 1.5–1.9. Using prefix lookups “script”, “dns” and “url” in strings lookups ${prefix:name}would allow a crafted string to execute arbitrary scripts when passed…

Let’s talk about an interesting vulnerability that came out on the end of march 2022 named Spring4Shell. …

https://www.intigriti.com/1337uplive The challenges were amazing, though I have not the chance to actively participate much during the competition. The CTF remained alive for quite a bit, so as a note to myself I came up with some brief writeups of the challenges I tried. There are a lot of online…

Participé del evento de OWASP LATAM @ Home donde una gran comunidad de apasionados y apasionadas por la seguridad nos vimos reunidos. Conferencias y talleres de muy alto nivel y CTFs desafiantes. …

Here we are again! Thanks for reading, I leave the solutions for some of the challenges I made of this awesome CTF. Stego: Luna (150)

Hi and thanks for reading! I will be writing about this great CTF I played last weekend and the way I solved many challenges. Thanks to the community for always being there! I learn a lot from all of you. Well, let’s go to the point ;) Forensics: Warm Up (50)