Typecho Multiple Vulnerabilities
Advisory about Client IP Spoofing, Race Condition and Stored Cross-Site Scripting (XSS) found on Typecho CMS.
GL.iNet Multiple Vulnerabilities
Advisory about Remote Command Execution and Arbitrary File Write vulnerabilities found on GL.iNet routers.
Released IIS Tilde Enumeration Scanner 2.0 for HackInBo security conference
On the occasion of the HackInBo security conference, where I will talk about IIS Tilde Enumeration, I released version 2.0 of the Burp extension, which completely refactors the code, fixes a lot of bugs and adds some nice features.
Published IIS Tilde Enumeration Scanner Burp Suite extension
Released the first version of the IIS Tilde Enumeration Scanner: a Burp Suite extension to detect and exploit this mysterious vulnerability that affected even portswigger.net!
Introducing badmoodle: a moodle community-based vulnerability scanner
Introducing badmoodle: an unofficial community-based vulnerability scanner for moodle that scans for canonical and non-canonical moodle vulnerabilities.
Yellowfin Multiple Vulnerabilities
Advisory about Stored Cross-Site Scripting and Insecure Direct Object References vulnerabilities found on Yellowfin.
Tiny File Manager Multiple Vulnerabilities
Advisory about Path Traversal Recursive Directory Listing and Arbitrary File Copy vulnerabilities found on Tiny File Manager.