GL.iNet Multiple Vulnerabilities

Advisory about Remote Command Execution and Arbitrary File Write vulnerabilities found on GL.iNet routers.

Released IIS Tilde Enumeration Scanner 2.0 for HackInBo security conference

In occasion of the HackInBo security conference, where I will talk about IIS Tilde Enumeration, I released the version 2.0 of the Burp extension that completely refactors the code, fixes a lot of bugs and adds some nice features.

Published IIS Tilde Enumeration Scanner Burp Suite extension

Released the first version of the IIS Tilde Enumeration Scanner: a Burp Suite extension to detect and exploit this mysterious vulnerability that affected even!

Introducing badmoodle: a moodle community-based vulnerability scanner

Introducing badmoodle: an unofficial community-based vulnerability scanner for moodle that scans for canonical and non-canonical moodle vulnerabilities.

Yellowfin Multiple Vulnerabilities

Advisory about Stored Cross-Site Scripting and Insecure Direct Object References vulnerabilities found on Yellowfin.

Tiny File Manager Multiple Vulnerabilities

Advisory about Path Traversal Recursive Directory Listing and Arbitrary File Copy vulnerabilities found on Tiny File Manager.