Pinned | Josewice7 in System Weakness | Understanding PHP Deserialization & Type Juggling Attacks Part I | Hi, I'm W1C3 and today I'm going to bring you the first part of this series on understanding deserialization and type juggling attacks in PHP. | Jun 11, 2023
Pinned | Josewice7 in System Weakness | IoT Security: RCE in MQTT Protocol | Hey, I'm W1C3 and today I'm going to explain Bugged, a TryHackMe lab that simulates how smart devices in our homes communicate and how… | Apr 13, 2023
Pinned | Josewice7 | LFI to RCE via Log Poisoning | Hello, I am W1C3, and today I will explain how to achieve LFI to RCE via Log Poisoning. This challenge was developed for the CyberArena CTF… | Apr 16, 2023
Josewice7 in System Weakness | Blind SQL injection with conditional responses | In our second post (see first post) discussing SQL injection (SQLi), I, W1C3, will guide you through the process of performing a blind SQL… | May 16, 2023
Josewice7 in System Weakness | SQL injection attack, listing the database contents on non-Oracle databases | Greetings, my name is W1C3, and today I will be explaining the process of listing the contents of databases that are not associated with… | May 15, 2023
Josewice7 in System Weakness | SSRF filter bypass | Hello, my name is W1C3 and today, I am going to explain how to obtain arbitrary file read access through Server-Side Request Forgery… | May 6, 2023
Josewice7 | Information Disclosure to gain Admin access | Hello, my name is W1C3 and today I will explain how, thanks to the information leak, I was able to identify vulnerabilities and obtain secret… | May 1, 2023
Josewice7 in System Weakness | Arbitrary file read via Symbolic Links | Hey, I am W1C3, and today I will explain how you can read files via Symbolic Links. This challenge was developed for the Nullcon CTF 2023. | Apr 24, 2023
Josewice7 in System Weakness | Chaining vulnerabilities to achieve Remote Code Execution (RCE). | Hey, I am W1C3, and today I will explain how, through chained vulnerabilities, we were able to achieve Remote Code Execution (RCE). In… | Apr 17, 2023