Date Published: April 2025. Author: PinewoodSec Research Team. Introduction: On March 10, 2025, the Apache Software Foundation issued a security advisory for CVE-2025-24813, a critical vulnerability in A...
Welcome back to the blog! Today we're diving into the world of JWT Tampering. You’ll see how an attacker can go from a basic user to full-blown admin by exploiting insecure JWT implementat...
Today's discussion is about a server-side vulnerability called JSON Injection. This flaw occurs when an application improperly handles user-supplied JSON data, allowing an attacker to manipulate the...
Understanding the Security Implications of Internal Headers. Today, we’re examining CVE-2025-29927, a critical security vulnerability affecting Next.js middleware that could allow attackers to by...
In this blog post we discuss Server-Side Request Forgery (SSRF) and demonstrate how the exploitation is carried out on the vulnerable web application called PinewoodStore. We will also analyze the v...
Hello everyone. Today we will be discussing Stored XSS and how this vulnerability is exploited by bad actors. We will also analyze vulnerable source code from PinewoodStore, a Vulnerable Web I...
I started using ChatGPT just recently and I have been noticing that it still has a long way to go before replacing developers. That being said, it still has huge potential and can be a great tool if you are wil...
The source of most server-side application vulnerabilities is the underlying source code that is being used to create the application. The first question that came to my mind was how useful can ChatGPT b...
As part of a source code analysis lab, I was researching to see what ChatGPT offers as compliant source code for some of the well-known vulnerabilities. The one I was researching was about creating an app...
I am expanding on the third person shooter hacking game created with Unreal Engine. I have given it the name “DOOMSDAY HACKERS”. The gameplay for the LEVEL 2 challenge involves eliminating...