-
automating bug hunting
In the quest to get my first CVE, I’ve decided that Wordpress plugins are going to be my best target, just because they’re so close to my heart. My first attempts included finding a plugin off svn.plugins.wordpress.org, downloading it, scanning it with Snyk, and then moving on; then, like all...
-
who up proofing they concept (*attempted* CVE-2025-8417 PoC)
TL;DR tried to write a PoC for CVE-2025-8417, an 8.1 CVSS RCE in WordPress plugin intelligent-importer 5.1.4. Discovered the key needed can’t be brute-forced or reversed (by me) – but there’s XSS in a downgraded version, 5.1.3, that might be able to steal it when paired with phishing. Lame, I...
-
Independent Studying
Long time, no see. I was busy with the 9-5 & exploring the wonderful city of Chicago. But now I’m back at Purdue for my last semester and I’m buckled in, hopefully. On top of my capstones, a new TA position, and a grad class on IoT, I made myself...