ILTOSEC

security research

iltosec

writeups & research

Blog

1 posts

categories

all Rce Xss CVE Ransomware File Upload Bypass Host Header Injection Authentication Bypass SSTI Command Injection Vulnerability Research Cloud AWS Injection

tags

Rce CMS CVE Ransomware File Upload Bypass snipe-it idor authorization-bypass privilege-escalation information-disclosure enumeration misconfiguration aws-s3 SQLI

Rce·File Upload Bypass·Command Injection · Rce·File Upload Bypass·misconfiguration

Unauthenticated RCE in CKFinder via Null Byte Injection Vulnerability

A real-world pre-auth RCE chain: exposed CKFinder with no authentication, null byte filter bypass to upload a .cfm webshell, and OS command execution via ColdFusion cfexecute. Full PoC walkthrough.

24 1 5 min read