It was about two months ago (November 2021) I was invited to a private program. According to their program scope, I decided to hack them for a while. This post is about a vulnerability I’ve found in this company that led to RCE. Reconnaissance In this step, my recon methodology was not finding some unique subdomains or assets. I was searching for some web applications with some interesting features such as login or file upload.

Hello world :) As you know, I’m LIL NIX x_x, just a hacker and this is my first post. Here I will share my findings, hope you enjoy.