Omar Samy Cybersecurity Blog & things

Breaking apps, not hearts

HOME
CATEGORIES
TAGS
ARCHIVES
ABOUT

Home Archives

Archives

Archives

2025

03 Aug Node.js Arbitrary File Upload to RCE – AppSec Master Challenge Writeup
31 Jul SpEL Injection Exploit – AppSec Master Challenge Writeup
31 Jul Pickle RCE: Exfiltrating Secrets via Unsafe Deserialization
28 Jul Code Review: Exploiting SSTI in Node.js Template Rendering
16 Jun Race Condition A Detailed Exploration
15 Jun Flag28Service AIDL Binding Walkthrough (Hextree Lab)
14 Jun Hextree Labs - Flag27Service Messenger Vulnerability (Solution)
09 Jun Exploiting Flag26Service – Android Messenger-Based Service (Hextree CTF)
24 Mar How I Tricked the System with Type Confusion and Became a System Admin (Briefly)
11 Mar Path Traversal in File Upload via GraphQL API
08 Mar Auth Token Theft via CORS Misconfiguration

2024

07 Feb Privilege Escalation via Chat Permissions Bypass

Recently Updated

Path Traversal in File Upload via GraphQL API
How I Tricked the System with Type Confusion and Became a System Admin (Briefly)
Hextree Labs - Flag27Service Messenger Vulnerability (Solution)
Flag28Service AIDL Binding Walkthrough (Hextree Lab)
Race Condition A Detailed Exploration

Trending Tags

Android bug-bounty rce access-control challenge CTF file-upload Hextree nodejs path-traversal

© 2025 Omar Samy. Some rights reserved.

Using the Chirpy theme for Jekyll.

Trending Tags

Android bug-bounty rce access-control challenge CTF file-upload Hextree nodejs path-traversal

A new version of content is available.