Vulnerability Research with PinewoodSec
Exploring modern web security threats with practical demos and CVE deep dives.
About the Project
PinewoodSec is our initiative to showcase real-world vulnerability research with hands-on demos. From authentication bypasses to file inclusion and RCEs, each lab is designed to help you learn through doing.
Whether you're a student or professional, PinewoodSec offers a practical way to explore CVEs, exploit chains, and secure coding practices.
Demo Objectives
- Understand CVE-2025-24813: Tomcat Path Equivalence RCE
- Learn to identify and exploit path traversal bugs
- Build your own vulnerable lab (PinewoodStore)
- Practice mitigation techniques in real code
Cross-Site Scripting (XSS) is a well-known vulnerability that allows attackers to inject malicious scripts into web pages. One of the sneakiest forms of this attack is DOM-based XSS, where the mali...
In today's post, we're diving deep into a powerful yet often overlooked vulnerability in Spring Boot apps: SpEL Injection. We've baked it right into our intentionally vulnerable PinewoodStore...
Date Published: April 2025. Author: PinewoodSec Research Team. Introduction: On March 10, 2025, the Apache Software Foundation issued a security advisory for CVE-2025-24813, a critical vulnerability in A...
Welcome back to the blog! Today we're diving into the world of JWT Tampering. You'll see how an attacker can go from a basic user to full-blown admin by exploiting insecure JWT implementat...
Today's discussion is about a server-side vulnerability called JSON Injection. This flaw occurs when an application improperly handles user-supplied JSON data, allowing an attacker to manipulate the...
Understanding the Security Implications of Internal Headers. Today, we're examining CVE-2025-29927, a critical security vulnerability affecting Next.js middleware that could allow attackers to by...
This blog is about Remote File Inclusion (RFI), how attackers exploit it to execute malicious code remotely, and how developers can secure their applications against this vulnerability. We will a...
Local File Inclusion (LFI) Vulnerability Full Attack Demo and Source Code Analysis For PinewoodStore
This blog is about Local File Inclusion (LFI), how attackers exploit it to gain access to sensitive files, and how developers can secure their code against this vulnerability. We will analyze a r...
In this blog we are going to discuss Server-Side Request Forgery (SSRF) and demo how the exploitation is carried out on the vulnerable web application called PinewoodStore. We will also analyze the v...
In this blog we discuss the XML External Entity (XXE) vulnerability, and I demo the full exploitation process on a vulnerable site I created called PinewoodStore. XML External Entity (XXE) ...