CVE-2025-68645 - A Local File Inclusion (LFI) vulnerability in the Webmail Classic UI of Zimbra Collaboration
https://github.com/MaxMnMl/zimbramail-CVE-2025-68645-poc

The threat actors behind Shai Hulud have struck again, hitting Zapier and Ensdomains
A new variant of Shai Hulud has hit Zapier and Ensdomains
Make Self-XSS Great Again
Disclaimer: This article is intended for security professionals conducting authorized testing within the scope of a contract. The author is not responsible for any damage caused by the application of the provided information. The distribution of malicious programs, disruption of system operation, and violation of the confidentiality of correspondence are pursued by law.
Introduction
Many security researchers are familiar with the frustrating experience of discovering an XSS vulnerability that requires complex actions within an account, effectively making it reproducible only on the attacker’s account and thus losing its practical value.
One-Click RCE in ASUS’s Preinstalled Driver Software 🧯🔥
https://mrbruh.com/asusdriverhub/
Part Two of the ASUS series is out, read it here.
Introduction
This story begins with a conversation about new PC parts.
After ignoring the advice from my friend, I bought a new ASUS motherboard for my PC. I was a little concerned about having a BIOS that would by default silently install software into my OS in the background. But it could be turned off so I figured I would just do that.

Google Cloud Account Takeover via URL Parsing Confusion
This article walks through a unique OAuth account takeover vulnerability I had recently discovered affecting several Google services. It arises from URL parsing confusion when handling redirect_uri…
InfoSec Write-ups
Dojo #40 - Hacker profile - YesWeHack Dojo
# Hacker profile - Dojo #40
Active until: **17th April 2025**
Authors: [Minilucker](https://x.com/0xidel)
#### How to submit your report
1. Visit the Dojo program at [https://yeswehack.com/programs/dojo](https://yeswehack.com/programs/dojo)
2. Click on **submit report**
3. Login or create your account
4. Submit your report
---
## Description
Use only JSON to build your hacker profile. The developer claims their application is fully secure. Prove them wrong by reading the `flag.txt` file on the server.
~ _The flag can be found in the environment variable `FLAG`_
## Goal
**BRUTE FORCE IS NOT ALLOWED!**
(_Applies only to the Dojo challenge page itself._)
### A valid solution for the challenge must meet these requirements:
- Your report must include a proof of concept (PoC) showing how you obtained the flag
- The flag must be included in the report
Exploring the DOMPurify library: Hunting for Misconfigurations (2/2)
Tags: Article, Web, mXSS
mizu.re
Dojo #39 - Phishing - YesWeHack Dojo
# Phishing
Active until: **28th February 2025**
#### How to submit your report
1. Visit the Dojo program at [https://yeswehack.com/programs/dojo](https://yeswehack.com/programs/dojo)
2. Click on **submit report**
3. Login or create your account
4. Submit your report
---
## Description
A new website offers free “phishing” sites, grab yours before it's too late!
The flag can be found in the environment variable named `FLAG`
## Goal
**BRUTE FORCE IS NOT ALLOWED!**
(_Applies only to the Dojo challenge page itself._)
### A valid solution for the challenge must meet these requirements:
- Your report must include a proof of concept (PoC) showing how you obtained the flag
- The flag must be included in the report