Explore our comprehensive research platform with detailed technical analysis, exploit development guides, and cutting-edge security insights.
Visit LabsThis blog post contains a thorough analysis of Server Side Template Injection vulnerability in a commercial Managed File Transfer product named CrushFTP. Exploit script is available. The post covers the vulnerability, exploitation, and the underlying custom templating engine that led to the issue, with code and analysis.
This post analyzes the authentication bypass vulnerability in CrushFTP, including patch diffing, code analysis, and exploit methodology. It details the affected versions, the patch, and the logic flaw that allowed unauthenticated access, with code snippets and step-by-step breakdown.
This post explores two critical vulnerabilities in HPE Insight Remote Support: an unauthenticated XXE and a remote code execution flaw. It covers the technical details, exploitation process, and provides proof-of-concept code and analysis for both vulnerabilities.
This post provides an in-depth analysis of the exploitation process for an unauthenticated XXE vulnerability in Ivanti Endpoint Manager. It covers the technical background, vulnerable code, and exploitation steps, with a focus on the XML parsing logic.