HTB Writeup – DevArea
Posted on 2026-03-30
Java CXF SOAF XXE (CVE-2022-46364) to Hoverfly auth RCE (CVE-2025-54123)
Java CXF SOAF XXE (CVE-2022-46364) to Hoverfly auth RCE (CVE-2025-54123)
Fonttools to file write, FontForge to RCE, setuptools to path traversal
WingFTP RCE (CVE-2025-47812), Python tarfile overflow (CVE-2025-4517)
Chrome extension JavaScript injection & Python .pyc poisoning
Transform XSLT to HTML with extensions → special XML “SSTI”
Exploit IKE IPSec via UDP discovery & the SUDO binex privesc
A journey for bug hunting in Linux binary fuzzing