Home
About
Contact
Projects
Blog
CVE

iltosec

Offensive Security Engineer — OSCP+ | OSWE | CRTO | eWPTXv2 | TSE | SRT

127.0.0.1

iltosec@hotmail.com

@iltosec

@iltosec

@ali-iltizar

Home

Command Injection Articles

EspoCRM v9.3.4 Authenticated Remote Code Execution via Malicious Extension Upload

ESPOCRM V9.3.4 AUTHENTICATED REMOTE CODE EXECUTION VIA MALICIOUS EXTENSION UPLOAD

Explore the technical analysis of the Authenticated Remote Code Execution (RCE) vulnerability in EspoCRM <= v9.3.4. Learn how malicious extension …...

13 Apr 2026 ALI İLTIZAR
Reading Time: 3 min Views: 206

Whitebox Web Pentesting: Exploiting Flask Authentication & RCE in Chain Lab

WHITEBOX WEB PENTESTING: EXPLOITING FLASK AUTHENTICATION & RCE IN CHAIN LAB

A detailed walkthrough of **Chain Lab** from **CyberExam.io**, demonstrating a Flask web app's **authentication bypass**, **SQL injection**, **hash cracking**, and …...

06 May 2025 ALI İLTIZAR
Reading Time: 2 min Views: 1283

««
«
1
»
»»

© 2025 iltosec. All rights reserved.