https://jashidsany.com/security-research/exploit-dev/ Recent content in Exploit Dev on Jashid Sany Hugo en-us Sun, 01 Mar 2026 00:00:00 +0000 https://jashidsany.com/security-research/exploit-dev/wkhtmltopdf-aas-rce/ Sun, 01 Mar 2026 00:00:00 +0000 https://jashidsany.com/security-research/exploit-dev/wkhtmltopdf-aas-rce/ How I found a critical command injection vulnerability in docker-wkhtmltopdf-aas, a Dockerized HTML-to-PDF web service, and achieved remote code execution as root through unsanitized user options passed to a shell command. https://jashidsany.com/security-research/exploit-dev/ios-remote-rce/ Sat, 28 Feb 2026 00:00:00 +0000 https://jashidsany.com/security-research/exploit-dev/ios-remote-rce/ How I found an OS command injection vulnerability in iOS-remote, a Flask-based iOS device management tool, and achieved remote code execution through an unsanitized subprocess call.