Victor Zhu

Student & Software Engineer

A Computer Science Student @ Rensselaer Polytechnic Institute who is intrigued by Cybersecurity. Favorite sport: Pentesting.

[CVE-2019-5418] Ruby on Rails Arbitrary File Content Disclosure Vulnerability Lab

There is a File Content Disclosure vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

TradingView Charting Library XSS Vulnerability

TradingView Charting Library XSS Vulnerability, high impact

CSAW CTF Quals '18 Ldab - Web 50 Write-Up (LDAP Injection)

CSAW CTF Qualification Round 2018 Web 50 Ldab Write-up - LDAP Injection

Redis Unauthorized Access Vulnerability Lab

If a Redis instance is publicly accessible and is not protected by a password, a remote attacker can exploit this to gain unauthorized access to the server. Let's learn how to set up a vulnerable Redis server and attack it. We will also explore how to search for and verify vulnerable Redis instances with the search engine Shodan and an automated Python exploit.

Hack This Site Basic Missions Write-up

Hack This Site Basic Missions Write-up (Few Spoilers)

Google Games 2016 @ RPI

Have you ever heard of the Google Games? Get ready to have some fun! This "in a box" version of the Games includes head-to-head team competitions in a series of challenges including trivia, puzzles, word association, and coding.
