Back to directory
WRITEUP #6131

Content Injection in DuoLingo’s TinyCards App for Android [CVE-2017-16905]

OtherContent injection
by@nightwatchcyber(Nightwatch Cybersecurity)
Program
DuoLingo
Published
Jan 4, 2018
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://wwws.nightwatchcybersecurity.com/2018/01/04/rce-in-duolingos-tinycards-app-for-android-cve-2017-16905/
RELATED WRITEUPS
Data Theft in Salesforce: Manipulating Public Links
OtherSOQL injection
When Certificates Fail: A Story of Bypassed MFA in Remote Access
Other2FA / MFA bypass
SSTI in Bug Bounty Program: The Time I Played with Handlebars and Broke Stuff
OtherSSTI
Ghost In The Ppl Part 1: Byovdll
OtherUse-After-Free
Part 2: From Byovdll To Arbitrary Code Execution In Lsass
OtherUse-After-Free

Built with ❤️ by Shubham Rawat