Tags
RCE
Learn from hands-on guides how to detect and exploit high-risk RCEs affecting systems, frameworks, protocols, and more!
DotNetNuke: XSS to RCE (CVE-2026-40321)
DotNetNuke (DNN) might be a leading CMS in the Microsoft ecosystem, but a routine test on an older version accidentally led us straight to a brand-new 0-day. In this write-up, we escalate a simple Stored XSS vulnerability into a full Remote Code Execution (RCE) chain (CVE-2026-40321). Read the full article to see how we smuggled payloads inside SVG files, weaponized DNN's internal messaging to spear-phish admins, and seamlessly dropped an ASPX backdoor right into the server root
- Author(s)
- Published at
- Updated at
Throwing a spark into FuelCMS
FuelCMS v1.5.2 might be an older, largely unmaintained project, but its codebase is still highly combustible. In our latest research sprint, we uncovered seven new vulnerabilities lurking under the hood. Read the full article to see the raw HTTP requests, learn how we bypassed brute-force rate limits, and watch us turn simple template syntax into a full system compromise.
- Author(s)
- Published at
- Updated at
cPanel - The valid, the suspect, and the 3rd party (Part 1)
Ever wondered what you can still do with 25-year-old code in a modern hosting environment? PTT-2025-021 was quite the journey! Unpack this (potentially Remote) Code Execution vulnerability we discovered and disclosed, which lets you bypass restricted environments like cPanel's jailshell. In part 1 of 3, we break down how an unsafe Perl "open" function became our ticket to a executing arbitrary system commands - and how the exploit works.
- Author(s)
- Published at
- Updated at
A comprehensive deep dive into React2Shell (CVE-2025-55182)
React2Shell (CVE-2025-55182) is a CVSS 10.0, pre-auth remote code execution flaw in the React Server Components Flight protocol. This deep dive maps affected React and Next.js versions, explains the deterministic exploit chain, summarizes in-the-wild abuse, and lays out detection, mitigation, and validation steps you can apply in real environments.
- Author(s)
- Published at
- Updated at
What is CVE-2024-6387? Understand RegreSSHion, the OpenSSH vulnerability
CVE-2024-6387, aka regreSSHion, is a new critical vulnerability affecting OpenSSH which remote, unauthenticated attackers can use to execute remote code. But there's more to this CVE than meets the eye
- Author(s)
- Published at
- Updated at
Authenticated Magento RCE with deserialized PHAR files
Back in August 2019, I reported a security vulnerability in Magento affecting versions 2.3.2, 2.3.3, and 2.3.4 using the HackerOne bug bounty platform. The bug impacted some installations of Magento and it allowed us to gain Remote Code Execution based on the way PHAR files are deserialized and by abusing Magento’s Protocol Directives.
- Author(s)
- Published at
- Updated at
How to exploit a Remote Code Execution vulnerability in Laravel (CVE-2021-3129)
I discovered this vulnerability for the first time in the Horizontall machine from Hack The Box, and the conditions in which it’s triggered pushed me to understand it in more detail. CVE-2021-3129 reminds me about a log poisoning vulnerability, but with a different flavor.
- Author(s)
- Published at
- Updated at
How to exploit the HTTP.sys Remote Code Execution vulnerability (CVE-2022-21907)
Pattern recognition is what hundreds of security specialists in our community voted as the skill to cultivate for a rewarding infosec career. While we have some innate pattern recognition abilities, developing them is essential – and that’s a matter of practice. Working in offensive security gives you plenty of opportunities to do this, with new vulnerabilities ripe for close examination. So let’s go ahead and do just that while discovering how this CVE carries echoes from another vulnerability from a while back.
- Author(s)
- Published at
- Updated at
How to detect and exploit the Oracle WebLogic RCE (CVE-2020-14882 & CVE-2020-14883)
Pentesters love a good RCE, but, as much as we enjoy the thrill of detecting and exploiting it (ethically, of course), the tech ecosystem suffers every time one of these pops up. That’s why fast and effective recon and vulnerability assessment remain the go-to pentesting stages that help companies manage their risks so they can keep doing business and serving their customers. With your knowledge, experience, and advice, they can turn a potential hazard into a process that makes them stronger. Let’s take a closer look at the critical RCE vulnerability discovered in Oracle WebLogic Server and see how you can have a bigger positive impact in your organization and beyond it.
- Author(s)
- Published at
- Updated at
How to detect and exploit CVE-2021-26084, the Confluence Server RCE
Thinking like an attacker is the right mindset that can help you better cope with this staggering growth of RCE vulnerabilities. As a pentester, you know it better than anyone. You’re also the best positioned to use your experience and know-how to detect exposed critical assets before malicious actors do. To help you help others, I’ll explore a critical RCE vulnerability in the Atlassian Confluence server across Linux and Windows in this practical guide packed with detection tactics and mitigation methods.
- Author(s)
- Published at
- Updated at
