Author: Alan Chan

Exploitation Summary Initial Exploitation Vulnerability: SQL Injection vulnerability of CMS Made EasyExplanation: CMS Made Easy version 2.2.9.1 has a SQL Injection vulnerability that results in exposure to login id and…

Exploitation Summary Initial Exploitation Vulnerability: Backdoor Command Execution of UnrealIRCDExplanation: A malicious backdoor was added to UnrealIRCD version 3.2.8.1 Privilege Escalation Vulnerability: suid executable viewuserExplanation: It can execute as root…

Target IP: 10.10.10.140 Exploitation Summary Initial Exploitation Vulnerability: Remote code execution via MagentoExplanation: Magento has couple remote code execution vulnerabilities allowing admin account creation and then code execution through admin…