iltosec

iltosec

Penetration Tester at LoreSecurity | OSWE | eWPTXv2 | SRT

127.0.0.1
iltosec@hotmail.com
@iltosec
@iltosec
@ali-iltizar

Latest Posts

.NET Deserialization Leading to Remote Code Execution (CVE-2019-18211)
.NET DESERIALIZATION LEADING TO REMOTE CODE EXECUTION (CVE-2019-18211)

This blog post explains the black-box exploitation of Composite C1 CMS via CVE-2019-18211. The deserialization vulnerability in the EntityTokenSerializer class …...

  • 15 Aug 2025   ALI İLTIZAR
  • Reading Time: 3 min   Views: 391
Whitebox Web Pentesting: Exploiting Flask Authentication & RCE in Chain Lab
WHITEBOX WEB PENTESTING: EXPLOITING FLASK AUTHENTICATION & RCE IN CHAIN LAB

A detailed walkthrough of **Chain Lab** from **CyberExam.io**, demonstrating a Flask web app's **authentication bypass**, **SQL injection**, **hash cracking**, and …...

  • 06 May 2025   ALI İLTIZAR
  • Reading Time: 2 min   Views: 726
Exploiting Flask Authentication and RCE Vulnerabilities – Chain Lab Writeup
EXPLOITING FLASK AUTHENTICATION AND RCE VULNERABILITIES – CHAIN LAB WRITEUP

Learn how to exploit Flask authentication and remote code execution (RCE) vulnerabilities in the Chain Lab challenge on CyberExam. This …...

  • 02 Dec 2024   ALI İLTIZAR
  • Reading Time: 4 min   Views: 2932
Host Header Injection Vulnerability in Plone CMS 6.0.13 - A Security Risk for Password Reset Process
HOST HEADER INJECTION VULNERABILITY IN PLONE CMS 6.0.13 - A SECURITY RISK FOR PASSWORD RESET PROCESS

Learn about the Host Header Injection vulnerability in Plone CMS 6.0.13, its impact on password reset emails and URL redirection, …...

  • 27 Nov 2024   ALI İLTIZAR
  • Reading Time: 4 min   Views: 898
CVE-2024-11404: Medium Severity File Upload Vulnerabilities in django-filer 3.2.3
CVE-2024-11404: MEDIUM SEVERITY FILE UPLOAD VULNERABILITIES IN DJANGO-FILER 3.2.3

Unrestricted Upload of File with Dangerous Type, Improper Input Validation, Improper Neutralization of Script-Related HTML Tags in a Web Page …...

  • 20 Nov 2024   ALI İLTIZAR
  • Reading Time: 5 min   Views: 2886
What is Ransomware, How Does It Work, How Can We Be Protected?
WHAT IS RANSOMWARE, HOW DOES IT WORK, HOW CAN WE BE PROTECTED?

Discover what ransomware is, how it works, its history, famous ransomware attacks, and effective strategies to protect yourself and your …...

  • 19 Nov 2024   ALI İLTIZAR
  • Reading Time: 7 min   Views: 743
Django CMS 4.1.3 Stored XSS Vulnerability: Exploiting the Page Title Field
DJANGO CMS 4.1.3 STORED XSS VULNERABILITY: EXPLOITING THE PAGE TITLE FIELD

CVE-2024-11319 Discover the stored XSS vulnerability in Django CMS 4.1.3 that affects the Page Title field. Learn about the security …...

  • 11 Nov 2024   ALI İLTIZAR
  • Reading Time: 3 min   Views: 2942
Remote Code Execution by Bypassing Cloudflare: CVE-2022–29464 Analysis
REMOTE CODE EXECUTION BY BYPASSING CLOUDFLARE: CVE-2022–29464 ANALYSIS

Explore the detection and exploitation of CVE-2022-29464, a critical vulnerability in WSO2 products that allows remote code execution. Learn how …...

  • 11 Nov 2024   ALI İLTIZAR
  • Reading Time: 8 min   Views: 1047