Credentials / Notes / LL

If .htaccess isn't blacklisted on a file upload you can allow for the execution of custom file extensions which can obviously lead to RCE

SeManageVolumePrivilege can be abused in a badass way, giving full write permissions to C:\ and replacing system DLLs with malicious one

Last updated 6 months ago