Vulnerability Management

🚨 CVE-2025-24813: Apache Tomcat RCE – Deep Dive & Live Demo

Date Published: April 2025Author: PinewoodSec Research Team Introduction On March 10, 2025, the Apache Software Foundation issued a security advisory for CVE-2025-24813—a critical vulnerability in Apache Tomcat affecting how partial…

Pinewoodtech April 9, 2025

Hacking Penetration Testing Source Code Analysis

🔐 JWT Tampering: From Token to Admin Takeover (with PinewoodStore Demo)

👋 Welcome back to the blog!Today we’re diving into the world of JWT Tampering. You'll see how an attacker can go from a basic user to full-blown admin by exploiting…

Pinewoodtech April 5, 2025

Penetration Testing Cybersecurity Hacking

🚨 JSON Injection – A Dangerous Server-Side Vulnerability

Today’s discussion is about a server-side vulnerability called JSON Injection. This flaw occurs when an application improperly handles user-supplied JSON data, allowing an attacker to manipulate the structure of the…

Pinewoodtech April 3, 2025

CVE-2025-29927 Cybersecurity Hacking

Full attack Demo for CVE-2025-29927: Next.js Middleware Authorization Bypass Vulnerability

Understanding the Security Implications of Internal Headers Today, we're examining CVE-2025-29927, a critical security vulnerability affecting Next.js middleware that could allow attackers to bypass authorization checks under certain conditions. This…

Pinewoodtech March 29, 2025

Cybersecurity Firewall Configuration Hacking

SSRF Full Attack Demo on the web application for Pinewooodstore

In this blog we are going to discuss Server-Side Request Forgery (SSRF) and demo how the exploitation is carried out on the vulnerable web application called PinewoodStore. We would also…

Pinewoodtech March 19, 2025

Cybersecurity Hacking Java coding

Critical Stored XSS Exploit Demo to Capture Key strokes on test site called PinewoodStore

Hello everyone, Today we would be discussing about Stored XSS and how this vulnerability is exploited by bad actors. We would also analyze vulnerable source code from PinewoodStore, a Vulnerable…

Pinewoodtech March 14, 2025

Hacking ChatGPT Java coding

ChatGPT can miss even basic java concepts and make syntax errors

I started using ChaptGPT just recently and i have been noticing that still has a long way to go from replacing Developers. That being said still has huge potential and…

Pinewoodtech March 5, 2025

Cybersecurity ChatGPT Hacking

Using ChatGPT to Create Vulnerable Web Application and Hacking the Application

The source most of server side Application vulnerabilities is the underlying source code that is being used to create this application. The first question that came to my mind how…

Pinewoodtech March 3, 2025

ChatGPT Cybersecurity Hacking

ChatGPT source code sometimes would need refactoring and might not work as recommended.

As part of source code analysis lab i was researching to see what ChatGPT offers as compliant source code to some of the well known vulnerabilities. The one i was…

Pinewoodtech February 20, 2025

Cybersecurity Gaming Hacking

Level 2 challenge for the Hacking Game I am calling “DOOMSDAY HACKERS” is based on Command Injection Vulnerability

I am expanding on the third person shooter hacking game created with Unreal Engine. I have given it the name "DOOMSDAY HACKERS". The gameplay for the LEVEL 2 challenge involves…

Pinewoodtech December 14, 2024