Rhino Security Labs

Strategic & Technical Blog

CVE-2020-13405: MicroWeber Unauthenticated User Database Disclosure

Hunter Stanton

MicroWeber is an open-source Content Management System (CMS) written in PHP. It allows web administrators to easily build a website by dragging and dropping components where they want them to be. It is a popular choice among those looking…

Java Deserialization Exploitation With Customized Ysoserial Payloads

GKE Kubelet TLS Bootstrap Privilege Escalation

Fuzzing Left4Dead 2 with CERT’s Basic Fuzzing Framework

Hunter Stanton

If you saw my previous blog post on the buffer overflow I found in Left4Dead 2, you know that I found that vulnerability through fuzzing. Modern game engines usually have a very large attack surface within which vulnerabilities could…