Few notes from CTF@CIT

During this weekend I had a moment to read what's new at CTFTime and that's how I found CTF@CIT prepared by HACK@CIT. Below you'll find few notes about it. Here we go...

Postauth SQLi in Centreon 23.10-1.el8

Similar to previous notes about hunting bugs in Centreon few weeks ago I prepared a new lab to test 'current/latest' version of this webapp. Below you'll find the details. Here we go...

Postauth SQLi in AdvantechWeb/SCADA 9.1.5U

During some internal pentests performed few weeks ago I found an SQL injection (postauth) bug in "latest" AdvantechWeb/SCADA (9.1.5U). Below you'll find more details about it. Here we go...

Healthy PostAuth RCE in FortiADC 7.4.0

Few weeks ago when I was playing a bit with Fortigate machines I decided to check FortiADC VM (downloaded here). After a while I found an interesting "feature" that can be used to achieve ('limited' AFAIK ;)) postauth RCE. Below you'll find few notes about it. Here we go...