Introduction Initial Technical Limitations Tested Payloads Bind Shell Deployment Additional Injection Points New Injection Primitive via time_conf (CVE-2025-34152) Introduction Contextual recap of the initial discovery In early August 2025, I stumbled on a surprisingly easy bug in a €5 Shenzhen Aitemi M300 Wi-Fi Repeater (model MT02). While joking with friends over how cheap IoT devices must be full of holes, I typed $(id) into the SSID field on its Extender setup page.| Posts on Chocapikk's Cybersecurity Blog 🛡️💻
How a €5 MT02 Wi-Fi repeater let me pop a root shell with nothing more than a cheeky SSID.| Chocapikk's Cybersecurity Blog 🛡️
Several critical vulnerabilities discovered in Xorcom CompletePBX 5.2.35, including authenticated file disclosure, remote command execution as root, file deletion, and reflected XSS. This write-up details the black-box methodology, PoCs, and patch timeline.| Chocapikk's Cybersecurity Blog 🛡️
Two missing checks inside the Open Contributions plugin let any fresh WordPress subscriber escalate to contributor and read arbitrary files — including the CTF flag — without brute-forcing a thing.| Chocapikk's Cybersecurity Blog 🛡️
Sur ce post, je vais faire 2 writeups de la catégorie “Applicatif”, 1 et 2, les deux étant des challenges Buffer Overflow niveau Facile.| Chocapikk's Cybersecurity Blog 🛡️