>_                                                                                                     _ x
 _                     __               _     ___  
| |                   / _|             | |   / _ \ 
| |__   __ _  ___ ___| |_ _ __ ___  ___| | _| | | |
| '_ \ / _` |/ __/ _ \  _| '__/ _ \/ __| |/ / | | |
| | | | (_| | (_|  __/ | | | |  __/\__ \   <| |_| |
|_| |_|\__,_|\___\___|_| |_|  \___||___/_|\_\\___/ 

root@hacefresko:~$ ./blog.sh


[ info ]

A personal blog where I share cool findings for the hacking community. Mostly web and embedded research.


[ posts ]

[2025-02-26] A very fancy way to obtain RCE on a Solr server ............................ web, bugbounties
[2024-04-06] Accessing +700,000 users data and reading files on a Solr server ........... web, bugbounties
[2022-02-11] Finding an RCE in the TP-Link tapo c200 camera .................................... iot, 0day
[2021-10-26] Exploiting an SSTI in LiquidJS to read any file in the server .............. web, bugbounties


[ CVEs ]

$ CVE-2025-40634 - TP-Link archer ax50 stack-based buffer overflow ................... [advisory][exploit]
$ CVE-2024-2188 - TP-Link archer ax50 stored XSS via UPnP ............................ [advisory][exploit]
$ CVE-2021-4045 - TP-Link tapo c200 unauthentiacted RCE .............................. [advisory][exploit]


[ links ]

:: email :: github :: hackerone :: bugcrowd :: bluesky :: twitter :: linkedin ::