Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent e468f20, commit 63e8817
Showing 7 changed files with 14 additions and 11 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,2 @@ | ||
<!doctype html><html lang=en-us><head><meta charset=UTF-8><meta name=viewport content="width=device-width,initial-scale=1"><title>Categories · tedmdelacruz</title> | ||
<link rel=stylesheet href=/css/style.css><link rel=stylesheet href=/css/fonts.css><link rel=icon href=/favicon.ico><link rel=icon type=image/png sizes=32x32 href=/images/favicon-32x32.png><link rel=icon type=image/png sizes=16x16 href=/images/favicon-16x16.png><link rel=apple-touch-icon sizes=180x180 href=/images/apple-touch-icon.png><link href=/categories/index.xml rel=alternate type=application/rss+xml title=tedmdelacruz><script src=/js/darkmode.js></script></head><body><nav class=nav><div class=nav-container><a href=/><h1 class=nav-title>tedmdelacruz</h1></a><ul></ul></div></nav><div id=darkModeToggle onclick=toggleDarkMode()>◐</div><main><h1>Categories</h1><div class=catalogue><ul></ul></div><div class=pagination><span>1</span></div></main><footer><span>© <time datetime="2024-03-13 12:35:18.596749828 +0000 UTC m=+0.038913365">2024</time> . Made with <a href=https://gohugo.io>Hugo</a> using the <a href=https://github.com/EmielH/tale-hugo/>Tale</a> theme.</span></footer></body></html> | ||
<link rel=stylesheet href=/css/style.css><link rel=stylesheet href=/css/fonts.css><link rel=stylesheet href=/styles.css><link rel=icon href=/favicon.ico><link rel=icon type=image/png sizes=32x32 href=/images/favicon-32x32.png><link rel=icon type=image/png sizes=16x16 href=/images/favicon-16x16.png><link rel=apple-touch-icon sizes=180x180 href=/images/apple-touch-icon.png><link href=/categories/index.xml rel=alternate type=application/rss+xml title=tedmdelacruz><script src=/js/darkmode.js></script></head><body><nav class=nav><div class=nav-container><a href=/><h1 class=nav-title>tedmdelacruz</h1></a><ul></ul></div></nav><div id=darkModeToggle onclick=toggleDarkMode()>◐</div><main><h1>Categories</h1><div class=catalogue><ul></ul></div><div class=pagination><span>1</span></div></main><footer><span>© <time datetime="2024-03-13 13:14:27.569272542 +0000 UTC m=+0.040712266">2024</time> . Made with <a href=https://gohugo.io>Hugo</a> using the <a href=https://github.com/EmielH/tale-hugo/>Tale</a> theme.</span></footer></body></html> |
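Review bot: The new `<link rel=stylesheet href=/styles.css>` on the added line points at a site-root stylesheet that is not part of the hunks shown here; confirm `/styles.css` is committed with this change, otherwise every page requests a missing file. Because it loads after `/css/style.css` and `/css/fonts.css`, its rules override the theme's, so the commit message should say what it is meant to change. The diff is against minified generated output, so the template that emits this link is the better place to review the change itself.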
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,3 @@ | ||
<!doctype html><html lang=en-us><head><meta name=generator content="Hugo 0.123.8"><meta charset=UTF-8><meta name=viewport content="width=device-width,initial-scale=1"><meta name=description content><title>tedmdelacruz</title> | ||
<link rel=stylesheet href=/css/style.css><link rel=stylesheet href=/css/fonts.css><link rel=icon href=/favicon.ico><link rel=icon type=image/png sizes=32x32 href=/images/favicon-32x32.png><link rel=icon type=image/png sizes=16x16 href=/images/favicon-16x16.png><link rel=apple-touch-icon sizes=180x180 href=/images/apple-touch-icon.png><link href=/index.xml rel=alternate type=application/rss+xml title=tedmdelacruz><script src=/js/darkmode.js></script></head><body><nav class=nav><div class=nav-container><a href=/><h1 class=nav-title>tedmdelacruz</h1></a><ul></ul></div></nav><div id=darkModeToggle onclick=toggleDarkMode()>◐</div><main><div class=catalogue><a href=https://tedmdelacruz.github.io/posts/strapi-rce-writeup/ class=catalogue-item><div><time datetime="2024-02-10 21:43:57 +0800 +0800" class=catalogue-time>February 10, 2024</time><h2 class=catalogue-title>Remote code execution in a billion-dollar publicly traded company</h2><div class=catalogue-line></div><p>There are 4 things that need to happen in order to find CVE-2023-22621 in the wild: | ||
You need to find a website that is powered by Strapi. The super admin for this website, somehow, has not been claimed yet. The version of Strapi should be at least 4.5.5 and below. No other hacker had somehow seen any of the three aforementioned scenarios first. The stars have aligned in my favor, and with this CVE, I managed to fully take over one of the websites of a billion-dollar company listed on the New York Stock Exchange.</p></div></a><a href=https://tedmdelacruz.github.io/posts/hello-world/ class=catalogue-item><div><time datetime="2022-05-12 13:06:39 +0800 +0800" class=catalogue-time>May 12, 2022</time><h2 class=catalogue-title>Hello World</h2><div class=catalogue-line></div><p>This is a new space for me to write about tech. Thanks to GitHub Pages and Hugo I’m able set to this up without spending a single dollar.</p></div></a></div><div class=pagination><span>1</span></div></main><footer><span>© <time datetime="2024-03-13 12:35:18.601112869 +0000 UTC m=+0.043276396">2024</time> . Made with <a href=https://gohugo.io>Hugo</a> using the <a href=https://github.com/EmielH/tale-hugo/>Tale</a> theme.</span></footer></body></html> | ||
<link rel=stylesheet href=/css/style.css><link rel=stylesheet href=/css/fonts.css><link rel=stylesheet href=/styles.css><link rel=icon href=/favicon.ico><link rel=icon type=image/png sizes=32x32 href=/images/favicon-32x32.png><link rel=icon type=image/png sizes=16x16 href=/images/favicon-16x16.png><link rel=apple-touch-icon sizes=180x180 href=/images/apple-touch-icon.png><link href=/index.xml rel=alternate type=application/rss+xml title=tedmdelacruz><script src=/js/darkmode.js></script></head><body><nav class=nav><div class=nav-container><a href=/><h1 class=nav-title>tedmdelacruz</h1></a><ul></ul></div></nav><div id=darkModeToggle onclick=toggleDarkMode()>◐</div><main><div class=catalogue><a href=https://tedmdelacruz.github.io/posts/strapi-rce-writeup/ class=catalogue-item><div><time datetime="2024-02-10 21:43:57 +0800 +0800" class=catalogue-time>February 10, 2024</time><h2 class=catalogue-title>Remote code execution in a billion-dollar publicly traded company</h2><div class=catalogue-line></div><p>There are 4 things that need to happen in order to find CVE-2023-22621 in the wild: | ||
You need to find a website that is powered by Strapi. The super admin for this website, somehow, has not been claimed yet. The version of Strapi should be at least 4.5.5 and below. No other hacker had somehow seen any of the three aforementioned scenarios first. The stars have aligned in my favor, and with this CVE, I managed to fully take over one of the websites of a billion-dollar company listed on the New York Stock Exchange.</p></div></a><a href=https://tedmdelacruz.github.io/posts/hello-world/ class=catalogue-item><div><time datetime="2022-05-12 13:06:39 +0800 +0800" class=catalogue-time>May 12, 2022</time><h2 class=catalogue-title>Hello World</h2><div class=catalogue-line></div><p>This is a new space for me to write about tech. Thanks to GitHub Pages and Hugo I’m able set to this up without spending a single dollar.</p></div></a></div><div class=pagination><span>1</span></div></main><footer><span>© <time datetime="2024-03-13 13:14:27.576402827 +0000 UTC m=+0.047842562">2024</time> . Made with <a href=https://gohugo.io>Hugo</a> using the <a href=https://github.com/EmielH/tale-hugo/>Tale</a> theme.</span></footer></body></html> |
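Review bot: The footer `<time datetime=...>` on the added line changes only because the build ran again (`12:35:18.601112869` became `13:14:27.576402827`), and the value still carries Go's monotonic-clock suffix `m=+0.047842562`, which is not a valid `datetime` value. Emitting only the year from the theme's footer template would make the attribute valid and stop every rebuild from touching every page, so later diffs show only real changes.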
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
<!doctype html><html lang=en-us><head><meta charset=UTF-8><meta name=viewport content="width=device-width,initial-scale=1"><title>Hello World · tedmdelacruz</title> | ||
<link rel=stylesheet href=/css/style.css><link rel=stylesheet href=/css/fonts.css><link rel=icon href=/favicon.ico><link rel=icon type=image/png sizes=32x32 href=/images/favicon-32x32.png><link rel=icon type=image/png sizes=16x16 href=/images/favicon-16x16.png><link rel=apple-touch-icon sizes=180x180 href=/images/apple-touch-icon.png><link href rel=alternate type=application/rss+xml title=tedmdelacruz><script src=/js/darkmode.js></script></head><body><nav class=nav><div class=nav-container><a href=/><h2 class=nav-title>tedmdelacruz</h2></a><ul></ul></div></nav><div id=darkModeToggle onclick=toggleDarkMode()>◐</div><main><div class=post><div class=post-info><span>Written by</span> | ||
<link rel=stylesheet href=/css/style.css><link rel=stylesheet href=/css/fonts.css><link rel=stylesheet href=/styles.css><link rel=icon href=/favicon.ico><link rel=icon type=image/png sizes=32x32 href=/images/favicon-32x32.png><link rel=icon type=image/png sizes=16x16 href=/images/favicon-16x16.png><link rel=apple-touch-icon sizes=180x180 href=/images/apple-touch-icon.png><link href rel=alternate type=application/rss+xml title=tedmdelacruz><script src=/js/darkmode.js></script></head><body><nav class=nav><div class=nav-container><a href=/><h2 class=nav-title>tedmdelacruz</h2></a><ul></ul></div></nav><div id=darkModeToggle onclick=toggleDarkMode()>◐</div><main><div class=post><div class=post-info><span>Written by</span> | ||
ted<br><span>on </span><time datetime="2022-05-12 13:06:39 +0800 +0800">May 12, 2022</time></div><h1 class=post-title>Hello World</h1><div class=post-line></div><p>This is a new space for me to write about tech. Thanks to <a href=https://pages.github.com/>GitHub Pages</a> and <a href=https://gohugo.io/>Hugo</a> I’m able set to this up without spending a single dollar.</p><p>I’m working on so lots stuff – hunting security vulnerabilities (and hopefully get paid for it) on <a href=https://www.hackerone.com/>Hackerone</a> and <a href=https://www.bugcrowd.com/>Bugcrowd</a>, learning Go for my tooling, honing my shell scripting skillz, and modding my mechanical keyboards.</p><p>I’ll write about these soon!</p></div><div class=pagination><a href=/posts/strapi-rce-writeup/ class="right arrow">→</a> | ||
<a href=# class=top>Top</a></div></main><footer><span>© <time datetime="2024-03-13 12:35:18.596987411 +0000 UTC m=+0.039150938">2024</time> . Made with <a href=https://gohugo.io>Hugo</a> using the <a href=https://github.com/EmielH/tale-hugo/>Tale</a> theme.</span></footer></body></html> | ||
<a href=# class=top>Top</a></div></main><footer><span>© <time datetime="2024-03-13 13:14:27.570733696 +0000 UTC m=+0.042173430">2024</time> . Made with <a href=https://gohugo.io>Hugo</a> using the <a href=https://github.com/EmielH/tale-hugo/>Tale</a> theme.</span></footer></body></html> |
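Review bot: The RSS alternate link on the added line is still emitted with an empty target, `<link href rel=alternate type=application/rss+xml title=tedmdelacruz>`, unlike the list pages in this commit, which point at an `index.xml`. The tag advertises a feed without giving its location; either set it to the site feed URL or have the template omit the tag on single posts.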
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,3 @@ | ||
<!doctype html><html lang=en-us><head><meta charset=UTF-8><meta name=viewport content="width=device-width,initial-scale=1"><title>Posts · tedmdelacruz</title> | ||
<link rel=stylesheet href=/css/style.css><link rel=stylesheet href=/css/fonts.css><link rel=icon href=/favicon.ico><link rel=icon type=image/png sizes=32x32 href=/images/favicon-32x32.png><link rel=icon type=image/png sizes=16x16 href=/images/favicon-16x16.png><link rel=apple-touch-icon sizes=180x180 href=/images/apple-touch-icon.png><link href=/posts/index.xml rel=alternate type=application/rss+xml title=tedmdelacruz><script src=/js/darkmode.js></script></head><body><nav class=nav><div class=nav-container><a href=/><h1 class=nav-title>tedmdelacruz</h1></a><ul></ul></div></nav><div id=darkModeToggle onclick=toggleDarkMode()>◐</div><main><div class=catalogue><a href=https://tedmdelacruz.github.io/posts/strapi-rce-writeup/ class=catalogue-item><div><time datetime="2024-02-10 21:43:57 +0800 +0800" class=catalogue-time>February 10, 2024</time><h2 class=catalogue-title>Remote code execution in a billion-dollar publicly traded company</h2><div class=catalogue-line></div><p>There are 4 things that need to happen in order to find CVE-2023-22621 in the wild: | ||
You need to find a website that is powered by Strapi. The super admin for this website, somehow, has not been claimed yet. The version of Strapi should be at least 4.5.5 and below. No other hacker had somehow seen any of the three aforementioned scenarios first. The stars have aligned in my favor, and with this CVE, I managed to fully take over one of the websites of a billion-dollar company listed on the New York Stock Exchange.</p></div></a><a href=https://tedmdelacruz.github.io/posts/hello-world/ class=catalogue-item><div><time datetime="2022-05-12 13:06:39 +0800 +0800" class=catalogue-time>May 12, 2022</time><h2 class=catalogue-title>Hello World</h2><div class=catalogue-line></div><p>This is a new space for me to write about tech. Thanks to GitHub Pages and Hugo I’m able set to this up without spending a single dollar.</p></div></a></div><div class=pagination><span>1</span></div></main><footer><span>© <time datetime="2024-03-13 12:35:18.601118059 +0000 UTC m=+0.043281596">2024</time> . Made with <a href=https://gohugo.io>Hugo</a> using the <a href=https://github.com/EmielH/tale-hugo/>Tale</a> theme.</span></footer></body></html> | ||
<link rel=stylesheet href=/css/style.css><link rel=stylesheet href=/css/fonts.css><link rel=stylesheet href=/styles.css><link rel=icon href=/favicon.ico><link rel=icon type=image/png sizes=32x32 href=/images/favicon-32x32.png><link rel=icon type=image/png sizes=16x16 href=/images/favicon-16x16.png><link rel=apple-touch-icon sizes=180x180 href=/images/apple-touch-icon.png><link href=/posts/index.xml rel=alternate type=application/rss+xml title=tedmdelacruz><script src=/js/darkmode.js></script></head><body><nav class=nav><div class=nav-container><a href=/><h1 class=nav-title>tedmdelacruz</h1></a><ul></ul></div></nav><div id=darkModeToggle onclick=toggleDarkMode()>◐</div><main><div class=catalogue><a href=https://tedmdelacruz.github.io/posts/strapi-rce-writeup/ class=catalogue-item><div><time datetime="2024-02-10 21:43:57 +0800 +0800" class=catalogue-time>February 10, 2024</time><h2 class=catalogue-title>Remote code execution in a billion-dollar publicly traded company</h2><div class=catalogue-line></div><p>There are 4 things that need to happen in order to find CVE-2023-22621 in the wild: | ||
You need to find a website that is powered by Strapi. The super admin for this website, somehow, has not been claimed yet. The version of Strapi should be at least 4.5.5 and below. No other hacker had somehow seen any of the three aforementioned scenarios first. The stars have aligned in my favor, and with this CVE, I managed to fully take over one of the websites of a billion-dollar company listed on the New York Stock Exchange.</p></div></a><a href=https://tedmdelacruz.github.io/posts/hello-world/ class=catalogue-item><div><time datetime="2022-05-12 13:06:39 +0800 +0800" class=catalogue-time>May 12, 2022</time><h2 class=catalogue-title>Hello World</h2><div class=catalogue-line></div><p>This is a new space for me to write about tech. Thanks to GitHub Pages and Hugo I’m able set to this up without spending a single dollar.</p></div></a></div><div class=pagination><span>1</span></div></main><footer><span>© <time datetime="2024-03-13 13:14:27.576414548 +0000 UTC m=+0.047854282">2024</time> . Made with <a href=https://gohugo.io>Hugo</a> using the <a href=https://github.com/EmielH/tale-hugo/>Tale</a> theme.</span></footer></body></html> |
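Review bot: The regenerated line keeps the inline handler `<div id=darkModeToggle onclick=toggleDarkMode()>`, which a Content-Security-Policy without `'unsafe-inline'` in `script-src` would block. Since `/js/darkmode.js` is already loaded in the head, attaching the click listener from that script would let the site adopt a strict policy later; the same markup appears in the other pages touched by this commit.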