writeups
findings, thoughts & things i learned along the way.
Path Traversal to Root File Read in Intelbras iNVU 7016 FT (LFI)
LFI on an NVR's log download endpoint allows reading any file as root, including /etc/shadow.
Stored XSS to Full Account Takeover on a Web3 Platform
How a filename injection on a document viewer led to full wallet compromise via React fiber traversal.