Exploit Dev

Remote Code Execution in docker-wkhtmltopdf-aas: Command Injection via Unsanitized Options

How I found a critical command injection vulnerability in docker-wkhtmltopdf-aas, a Dockerized HTML-to-PDF web service, and achieved remote code execution as root through unsanitized user options passed to a shell command.

Finding an RCE in iOS-remote: OS Command Injection via Flask

How I found an OS command injection vulnerability in iOS-remote, a Flask-based iOS device management tool, and achieved remote code execution through an unsanitized subprocess call.