Hi. In this writeup, I will show you a bug that I found in Support Board 3.3.4 that allows an authenticated user to delete any file in the system, and I will also show you a possible exploit scenario with it. …


Hi. In this writeup, I will teach you everything that I learnt and a methodology on how to get started hacking WordPress plugins. Keep in mind, I won't be teaching different vulnerability types; I will just be teaching how to look for vulnerabilities. I learnt it myself and it's fun…


Hi. In this writeup, I will show you a SQLi that I found in Harvard and also an XSS as a bonus.

While looking through the subdomains of Harvard, I found this one interesting subdomain: https://schedule.med.harvard.edu/ . I fuzzed the directory using ffuf and found this one interesting endpoint, availability.php


Hi. This is my third writeup in my hacking the Tenda AC10 series, where I try to get a CVE. Let's get started.

So while looking through the functions that accept user inputs, I found this one function called fromSetIpMacBind

Here’s what it does: first, it gets the value of…


Hi. This is another writeup in the series where we try to hack the Tenda AC10 1200 and try to get a CVE. This writeup is fairly short, so let's get started.

While looking through the functions of Tenda, I found this one interesting function, saveParentControlInfo

What made this…


Hi. This is another writeup in the series where we try to hack the Tenda AC10 1200 and try to get a CVE. Let's get started.

While looking through the functions of the web server of the AC10 1200, I found this interesting function called formWriteFacMac. …


Hi. This is my 4th writeup in the hacking the D-Link DIR-615 series, where I'm trying to get my first CVE. Let's get started.

While looking again at all functions that accept user input, I found this interesting function, sub_40e148

What this function does is it gets the value…


Hi. This is another writeup of my hacking the D-Link series. This series is just me trying to find my first CVE. So let's get started.

While going through all functions that accept user input, I found this interesting function called sub_40e5d0

What it does is, first, it gets the…


Hi. This is my second writeup in my hacking the D-Link DIR-615 series as I try to get my first CVE. I found more vulns and will also make a writeup on them soon, so stay tuned. So let's get started.

I started by reversing the httpd server of…


This is my writeup on the Alex Fan Club challenge. I will show how I solved it all the way from the beginning. Let's start.

In the challenge, you can see that we are given a txt file and the vulnerable website. …

Brandon Roldan
