About
My name is Daniele (aka @sk4) and I’m a security researcher. I help companies to improve their cybersecurity posture. In my spare time I’m a CTF player.
Articles
- Local Privilege Escalation via Zyxel VPN Client
- Zip Slip to RCE on Basercms - CVE-2021-41243
- CMS Made Simple from SQL-injection to RCE - CVE-2021-40961
- Have fun with file extension and file upload (CVE-2019-16318)
- Weaponize ‘order by’ SQLi on WordPress Form Maker plugin (CVE-2019-10866)
- Exploiting RichFaces CVE-2018-12533 in a heavily firewalled box
- Polyglot PHAR’s deserialization for backdoored RCE (CVE-2019-10867)
- CMS Made Simple deserialization attack (CVE-2019-9055)
- SQL injection in Pimcore 6.2.3
Contacts
- Email: dscanu20[at]gmail[dot]com
- Twitter: @sk4pwn
- LinkedIn: Daniele Scanu