iltosec

iltosec

Penetration Tester at LoreSecurity | OSWE | eWPTXv2 | SRT

127.0.0.1
iltosec@hotmail.com
@iltosec
@iltosec
@ali-iltizar

Blog Posts

Whitebox Web Pentesting: Exploiting Flask Authentication & RCE in Chain Lab
WHITEBOX WEB PENTESTING: EXPLOITING FLASK AUTHENTICATION & RCE IN CHAIN LAB

A detailed walkthrough of **Chain Lab** from **CyberExam.io**, demonstrating a Flask web app's **authentication bypass**, **SQL injection**, **hash cracking**, and …...

  • 06 May 2025   ALI İLTIZAR
  • Reading Time: 2 min   Views: 39
Exploiting Flask Authentication and RCE Vulnerabilities – Chain Lab Writeup
EXPLOITING FLASK AUTHENTICATION AND RCE VULNERABILITIES – CHAIN LAB WRITEUP

Learn how to exploit Flask authentication and remote code execution (RCE) vulnerabilities in the Chain Lab challenge on CyberExam. This …...

  • 02 Dec 2024   ALI İLTIZAR
  • Reading Time: 4 min   Views: 928
Host Header Injection Vulnerability in Plone CMS 6.0.13 - A Security Risk for Password Reset Process
HOST HEADER INJECTION VULNERABILITY IN PLONE CMS 6.0.13 - A SECURITY RISK FOR PASSWORD RESET PROCESS

Learn about the Host Header Injection vulnerability in Plone CMS 6.0.13, its impact on password reset emails and URL redirection, …...

  • 27 Nov 2024   ALI İLTIZAR
  • Reading Time: 4 min   Views: 361
CVE-2024-11404: Medium Severity File Upload Vulnerabilities in django-filer 3.2.3
CVE-2024-11404: MEDIUM SEVERITY FILE UPLOAD VULNERABILITIES IN DJANGO-FILER 3.2.3

Unrestricted Upload of File with Dangerous Type, Improper Input Validation, Improper Neutralization of Script-Related HTML Tags in a Web Page …...

  • 20 Nov 2024   ALI İLTIZAR
  • Reading Time: 5 min   Views: 1296
djangocms-attributes-field 3.0.0 Stored XSS Vulnerability
DJANGOCMS-ATTRIBUTES-FIELD 3.0.0 STORED XSS VULNERABILITY

The vulnerability resides in the Django CMS admin panel under the Page Editing interface, specifically when utilizing the "Add plugin …...

  • 20 Nov 2024   ALI İLTIZAR
  • Reading Time: 3 min   Views: 1100
What is Ransomware, How Does It Work, How Can We Be Protected?
WHAT IS RANSOMWARE, HOW DOES IT WORK, HOW CAN WE BE PROTECTED?

Discover what ransomware is, how it works, its history, famous ransomware attacks, and effective strategies to protect yourself and your …...

  • 19 Nov 2024   ALI İLTIZAR
  • Reading Time: 7 min   Views: 349
Django CMS 4.1.3 Stored XSS Vulnerability: Exploiting the Page Title Field
DJANGO CMS 4.1.3 STORED XSS VULNERABILITY: EXPLOITING THE PAGE TITLE FIELD

CVE-2024-11319 Discover the stored XSS vulnerability in Django CMS 4.1.3 that affects the Page Title field. Learn about the security …...

  • 11 Nov 2024   ALI İLTIZAR
  • Reading Time: 3 min   Views: 1782
Remote Code Execution by Bypassing Cloudflare: CVE-2022–29464 Analysis
REMOTE CODE EXECUTION BY BYPASSING CLOUDFLARE: CVE-2022–29464 ANALYSIS

Explore the detection and exploitation of CVE-2022-29464, a critical vulnerability in WSO2 products that allows remote code execution. Learn how …...

  • 11 Nov 2024   ALI İLTIZAR
  • Reading Time: 8 min   Views: 518