Tracing API exploitability through code review and taint analysis

For the rest of this article, I am going to walk you through the actual approach I used to find a command injection vulnerability that exposes a remote code execution (RCE) bug in crAPI that leads to a reverse shell

Continue reading