Blog posts
Ambionics / Web Exploitation

Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801)

Wed 12 March 2025

Exploitation of multiple vulnerabilities in GLPI to gain remote code execution from unauthenticated privileges.

Read more
Ambionics / Tooling

Introducing lightyear, a new way to dump PHP files

Mon 04 November 2024

In this blog post, we describe new techniques to dump PHP files leveraging filters, and a tool that does it.

Read more
Ambionics / Web Exploitation

Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 3)

Mon 30 September 2024

In this blog post, we will explore how we can exploit CNEXT, but blind, covering the cases where we have a file read primitive, but cannot get the output.

Read more
Ambionics / Web Exploitation

Jupiter X Core Plugin <= 4.7.5 Authentication Bypass (CVE-2024-7781)

Thu 26 September 2024

An authentication bypass vulnerability was found on Jupiter X Core Plugin <= 4.7.5 (CVE-2024-7781).

Read more
Ambionics / Web Exploitation

Jupiter X Core Plugin <= 4.6.5 Remote Code Execution (CVE-2024-7772)

Thu 26 September 2024

A pre-authentication remote code execution vulnerability was found on Jupiter X Core Plugin <= 4.6.5 (CVE-2024-7772).

Read more
Ambionics / Web Exploitation

Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 2)

Mon 17 June 2024

In this blog post, we will explore a new way of exploiting the vulnerability on PHP, using direct calls to iconv(), and illustrate the vulnerability by targeting Roundcube, a popular PHP webmail.

Read more