18 min · medium · Windows · WingData
HTB: WingData
A NULL byte in Wing FTP Server's login handler triggers Lua code injection for unauthenticated RCE, then a Python tarfile data filter bypass via PATH_MAX overflow writes an SSH key to root.
#htb
#windows
#web
#api
17 min · medium · Linux · DevArea
HTB: DevArea
Apache CXF MTOM SSRF reads credentials from systemd unit files, Hoverfly middleware provides RCE, and a world-writable /usr/bin/bash combined with a sudoers negation bypass delivers root.
#htb
#linux
#git
#source-code-review