Vulnerability-Research

Remote Code Execution in docker-wkhtmltopdf-aas: Command Injection via Unsanitized Options

How I found a critical command injection vulnerability in docker-wkhtmltopdf-aas, a Dockerized HTML-to-PDF web service, and achieved remote code execution as root through unsanitized user options passed to a shell command.

Finding an RCE in iOS-remote: OS Command Injection via Flask

How I found an OS command injection vulnerability in iOS-remote, a Flask-based iOS device management tool, and achieved remote code execution through an unsanitized subprocess call.

My First CVE: DLL Hijacking in CactusViewer v2.3.0

How I discovered a DLL hijacking vulnerability in CactusViewer v2.3.0, built a proof of concept, and submitted it for a CVE ID.