Back to directory

WRITEUP #811

Blog: OmniSpace, from automated 0day XSS to RCE

RCEXSSAccount takeoverCSRFInsecure file uploadLFISecurity code review

by@Pepito_oh(Florent)

Program

Agora-Project (OmniSpace)

Published

Sep 12, 2023

Added to HackDex

Sep 13, 2023

Read Full Writeuphttps://preprod.patrowl.io/blog-omnispace-from-automated-xss-to-rce-cve-2023-40228/

▸ RELATED WRITEUPS

Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities

XSSReflected XSS

Studying 0days: How we hacked Anki, the world's most popular flashcard app

RCEComponents with known vulnerabilities

We hacked Anki - 0 day exploit from studying someone elses flashcards

RCEComponents with known vulnerabilities

SSD Advisory – XenForo RCE Via CSRF

Getting code execution on Veeam through CVE-2023-27532

RCEInsecure deserialization

Built with ❤️ by Shubham Rawat