DOM XSS: The Silent Security Threat You Need to Know
SpEL Injection Demo in Spring Boot – Exploiting PinewoodStore
CVE-2025-24813: Apache Tomcat RCE – Deep Dive & Live Demo
JWT Tampering: From Token to Admin Takeover (with PinewoodStore Demo)In today’s post, we’re diving deep into a powerful yet often overlooked vulnerability in Spring Boot apps — SpEL Injection. We’ve baked it right into our intentionally vulnerable PinewoodStore...
Date Published: April 2025Author: PinewoodSec Research Team Introduction On March 10, 2025, the Apache Software Foundation issued a security advisory for CVE-2025-24813—a critical vulnerability in A...
Understanding the Security Implications of Internal Headers Today, we’re examining CVE-2025-29927, a critical security vulnerability affecting Next.js middleware that could allow attackers to by...
Local File Inclusion (LFI) Vulnerability Full Attack Demo and Source Code Analysis For PinewoodStore
This blog is about Local File Inclusion (LFI), how attackers exploit it to gain access to sensitive files, and how developers can secure their code against this vulnerability. We will analyze a r...
In this blog we are going to discuss Server-Side Request Forgery (SSRF) and demo how the exploitation is carried out on the vulnerable web application called PinewoodStore. We would also analyze the v...
In this blog we would discuss about XML External Entity (XXE) vulnerability and i would demo the full exploitation process on vulnerable site I created called PinewoodStore. XML External Entity (XXE) ...
I have created vulnerable web application using Front end react and backend spring boot. This test application web application is called PinewoodStore. Some of the vulnerabilities that have been intro...
I started using ChaptGPT just recently and i have been noticing that still has a long way to go from replacing Developers. That being said still has huge potential and can be great tool if you are wil...
The source most of server side Application vulnerabilities is the underlying source code that is being used to create this application. The first question that came to my mind how useful can ChatGPT b...
As part of source code analysis lab i was researching to see what ChatGPT offers as compliant source code to some of the well known vulnerabilities. The one i was researching was about creating an app...