Alexandru Postolache
Pentest-Tools.com, Security Research Engineer
Alex is a passionate security engineer and a bug bounty hunter. He loves researching and discovering vulnerabilities in web applications, as well as finding ways to improve his day-to-day work. He also enjoys writing in-depth research articles by highlighting the technical details in ways that make our readers better understand core concepts.
Alex is a passionate security engineer and a bug bounty hunter. He loves researching and discovering vulnerabilities in web applications, as well as finding ways to improve his day-to-day work. He also enjoys writing in-depth research articles by highlighting the technical details in ways that make our readers better understand core concepts.
Posts by this author
- Security research
Authenticated Magento RCE with deserialized PHAR files
Back in August 2019, I reported a security vulnerability in Magento affecting versions 2.3.2, 2.3.3, and 2.3.4 using the HackerOne bug bounty platform. The bug impacted some installations of Magento and it allowed us to gain Remote Code Execution based on the way PHAR files are deserialized and by abusing Magento’s Protocol Directives.
- Author(s)
- Published at
- Updated at