>_                                                                                                     _ x
 _                     __               _     ___  
| |                   / _|             | |   / _ \ 
| |__   __ _  ___ ___| |_ _ __ ___  ___| | _| | | |
| '_ \ / _` |/ __/ _ \  _| '__/ _ \/ __| |/ / | | |
| | | | (_| | (_|  __/ | | | |  __/\__ \   <| |_| |
|_| |_|\__,_|\___\___|_| |_|  \___||___/_|\_\\___/ 

root@hacefresko:~$ ./blog.sh


[ info ]

A personal blog where I share cool findings for the hacking community


[ posts ]

[2025-02-26] A very fancy way to obtain RCE on a Solr server ........................... web, bugbounties
[2024-04-06] Accessing +700,000 users data and reading files on a Solr server .......... web, bugbounties
[2022-02-11] Finding an RCE in the TP-Link tapo c200 camera ................................... iot, 0day
[2021-10-26] Exploiting an SSTI in LiquidJS to read any file in the server ............. web, bugbounties


[ CVEs ]

[CVE-2024-2188] TP-Link archer ax50 stored XSS via UPnP ............................. [advisory][exploit]
[CVE-2021-4045] TP-Link tapo c200 unauthentiacted RCE ............................... [advisory][exploit]


[ links ]

:: email :: github :: hackerone :: bugcrowd :: bluesky :: twitter ::