Invoice Ninja 5.10.43 - Server Side Request Forgery and File Read
Feb 14, 2025
This writeup is the consequence of Laluka's mastery and Branko's wish to learn something new. It goes through the description and reproduction of new vulnerabilities found in the invoicing application Invoice Ninja. This research was done during a two-day OffenSkill lvl-30 training, with a white-box approach.
Chamilo 1.11.26 Post Auth RCE via Phar Unserialize Polyglot
Nov 18, 2024
This article is the result of an OffenSkill Training. It explores a post-authentication phar unserialize leading to a remote code execution (RCE) within Chamilo (Learning Management System) 1.11.12 up to 1.11.26. By abusing multiple supported features from the virtualization plugin vchamilo, the vulnerability allows an administrator to execute arbitrary code on the server.
Maarch Courrier 21.03, 2nd order cmd injection to RCE
Jul 16, 2023
This article is the result of an OffenSkill training. It discusses a critical remote code execution (RCE) vulnerability found in the Maarch Courrier software, an electronic correspondence and document management system. The vulnerability, found during a white-box code review session, allows an attacker with administrator access to execute arbitrary commands on the server. The exploit involves command injection through improperly sanitized user inputs in the administration settings of the software. Detailed analysis, including proof of concept and the method of exploitation through the software's REST API, is provided.