Category: Security Research
Web Cache Deception & Poisoning: Weaponizing the Gap Between Cache and Origin
Sat Jun 13 2026
Two sides of cache abuse — Web Cache Deception tricks a CDN into storing a victim's private page, while Web Cache Poisoning injects a malicious response served to every visitor. How cache-key vs origin parsing discrepancies create both, with real-world chains and defenses.
SSRF to Cloud Credentials: Stealing AWS IAM Tokens via Metadata API
Thu May 28 2026
How a single Server-Side Request Forgery vulnerability can escalate to full AWS/GCP/Azure account compromise by targeting cloud instance metadata services — and why the 452% SSRF surge in 2024 matters.
HTTP Request Smuggling: Exploiting Front-End/Back-End Parsing Desync
Thu May 28 2026
How attackers exploit disagreements between front-end and back-end servers on where HTTP requests begin and end — and chain CL.TE desync attacks into account takeover, firewall bypass, and cache poisoning.
Blind SSTI to RCE: Exploiting Template Engines Without Output
Thu May 28 2026
How attackers detect and exploit Server-Side Template Injection when the application returns no output — using timing delays, DNS callbacks, and engine fingerprinting to achieve full remote code execution.
Prototype Pollution to RCE: Node.js Gadget Chains Explained
Wed May 27 2026
How injecting properties into JavaScript's Object.prototype poisons the entire Node.js process — and how gadget chains turn that pollution into remote code execution, demonstrated via CVE-2024-38999 in RequireJS.
Single-Packet Race Condition: Sub-Millisecond Web Exploitation
Wed May 27 2026
How the single-packet attack technique eliminates network jitter to exploit sub-millisecond race conditions in web applications — and how CVE-2024-58248 in nopCommerce was exploited using Burp Suite.
Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server
Wed May 27 2026
How Orange Tsai's Confusion Attacks exploit URL decoding inconsistencies across Apache modules to chain ACL bypass, SSRF, and unauthenticated RCE — #1 web hacking technique of 2024.
CVE-2025-69460 – Simple Image Gallery 1.0 - Remote Code Execution (Unauthenticated)
Wed Jan 21 2026
CVE-2025-69460: Unauthenticated Remote Code Execution (RCE) vulnerability in Simple Image Gallery 1.0. Zero-day discovery and exploit by Tağmaç 'Tagoletta'.
CVE-2025-69457 – Responsive Tourism Website 3.1 - Remote Code Execution (Unauthenticated)
Wed Jan 21 2026
CVE-2025-69457: Unauthenticated Remote Code Execution (RCE) vulnerability in Responsive Tourism Website 3.1. Zero-day discovery and exploit by Tağmaç 'Tagoletta'.
CVE-2023-38890 – Online Shopping Portal 3.1 Remote Code Execution
Wed Jan 21 2026
CVE-2023-38890: Unauthenticated SQL Injection to Remote Code Execution (RCE) vulnerability in Online Shopping Portal 3.1. Zero-day discovery and exploit by Tağmaç 'Tagoletta'.
CVE-2025-69458 – Movie Rating System 1.0 - SQL Injection to RCE (Unauthenticated)
Wed Jan 21 2026
CVE-2025-69458: Unauthenticated SQL Injection to Remote Code Execution (RCE) vulnerability in Movie Rating System 1.0. Zero-day discovery and exploit by Tağmaç 'Tagoletta'.
CVE-2025-69459 – Movie Rating System 1.0 - Broken Access Control
Wed Jan 21 2026
CVE-2025-69459: Broken Access Control vulnerability allowing Admin Account Creation in Movie Rating System 1.0. Zero-day discovery and exploit by Tağmaç 'Tagoletta'.
Traffic Offense Management System 1.0 - Remote Code Execution (Unauthenticated)
Wed Aug 18 2021
Zero-Day Discovery & Exploit Development: Traffic Offense Management System