xvnpw personal blog

All articles

Threat Modeling 101 Oct 19, 2022
External Authentication bypass in ingress-nginx May 29, 2022
Hunting for buggy authentication/authorization services on github Nov 28, 2021
Bug bounty tips for nginx $request_uri path traversal bypass Nov 27, 2021
Path traversal in authorization context in Kong and F5 NGINX Nov 25, 2021
Path traversal in authorization context in Emissary Nov 24, 2021
Path traversal in authorization context in Traefik and HAProxy Nov 23, 2021
CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable Nov 22, 2021
Azure subscription security review Feb 1, 2021
Hacking SpEL Jul 17, 2020
From . in regex to SSRF - part 3 Jul 7, 2020
From . in regex to SSRF - part 2 Jan 14, 2020
From . in regex to SSRF - part 1 Jan 5, 2020