It's Not Yours, It's Ours - CVE-2025-27696 - Improper Authorization vulnerability in Apache Superset

In this blog post, I will explain a vulnerability that I found that allows low-privileged users to take ownership of published dashboards, charts, or datasets via the application's export and import functionalities, which lack a validation process during import. This flaw enables lower-privileged users to view and edit these resources and to remove their original owners. The post details my research journey, findings, and the potential implications of the vulnerability.

May 14, 2025 · 6 min

Bypassing old school captchas for fun!

In late September, I found a bypass for a strange captcha system on a website that belongs to a well-known telecommunications company in Portugal. I hope you like it!

March 26, 2025 · 10 min

Clojure SSTI

In the 0xL4ugh CTF 2024, there was a web challenge built with a peculiar programming language for web development called Clojure. My team solved the challenge, but information on the web is almost nonexistent. In today's blog post, I will explain my thought process and describe how we solved the challenge.

December 28, 2024 · 6 min