Tagmac Han

Two sides of cache abuse — Web Cache Deception tricks a CDN into storing a victim's private page, while Web Cache Poisoning injects a malicious response served to every visitor. How cache-key vs origin parsing discrepancies create both, with real-world chains and defenses.

How a single Server-Side Request Forgery vulnerability can escalate to full AWS/GCP/Azure account compromise by targeting cloud instance metadata services — and why the 452% SSRF surge in 2024 matters.

How attackers exploit disagreements between front-end and back-end servers on where HTTP requests begin and end — and chain CL.TE desync attacks into account takeover, firewall bypass, and cache poisoning.

How attackers detect and exploit Server-Side Template Injection when the application returns no output — using timing delays, DNS callbacks, and engine fingerprinting to achieve full remote code execution.

How injecting properties into JavaScript's Object.prototype poisons the entire Node.js process — and how gadget chains turn that pollution into remote code execution, demonstrated via CVE-2024-38999 in RequireJS.

How the single-packet attack technique eliminates network jitter to exploit sub-millisecond race conditions in web applications — and how CVE-2024-58248 in nopCommerce was exploited using Burp Suite.

How Orange Tsai's Confusion Attacks exploit URL decoding inconsistencies across Apache modules to chain ACL bypass, SSRF, and unauthenticated RCE — #1 web hacking technique of 2024.

CVE-2025-69460: Unauthenticated Remote Code Execution (RCE) vulnerability in Simple Image Gallery 1.0. Zero-day discovery and exploit by Tağmaç 'Tagoletta'.

CVE-2025-69457: Unauthenticated Remote Code Execution (RCE) vulnerability in Responsive Tourism Website 3.1. Zero-day discovery and exploit by Tağmaç 'Tagoletta'.

CVE-2023-38890: Unauthenticated SQL Injection to Remote Code Execution (RCE) vulnerability in Online Shopping Portal 3.1. Zero-day discovery and exploit by Tağmaç 'Tagoletta'.