
💻 ~/Rooted_Tales 🌐

⚠️ Disclaimer: All writeups and code shared here are meant for educational and ethical hacking purposes only. Use at your own risk.

Hidden in Plain Sight: Chaining CSS Override to XSS & Email Bombing

Discovery Date: 23rd September 2025

Introduction

After a routine assessment of Intuiface’s login page, I uncovered a chain of vulnerabilities that, while simple individually, created a significant security risk when combined. This write-up details the journey from spotting a subtle code issue to achieving a successful Cross-Site Scripting (XSS) exploit by manipulating a hidden client-side feature.

Detection

The investigation began with a review of the client-side code. A quick glance at the JavaScript sources revealed a significant red flag: the use of the eval() function.

CodeTwo

CodeTwo is a HackTheBox machine featuring a vulnerable web application with JavaScript execution functionality leading to full system compromise through CVE exploitation and backup tool abuse.

Box Info

Name: CodeTwo
Type: Machine
Difficulty: Easy
Creator: FisMatHack
Release Date: 16 August 2025
Link: https://app.hackthebox.com/machines/CodeTwo
My HTB Profile: https://app.hackthebox.com/profile/1601323

Reconnaissance

Initial Enumeration

Performed an Nmap scan and identified 2 open ports: 22 and 8000.

The Magic Informer

The Magic Informer is a HackTheBox challenge featuring a Node.js application with multiple critical vulnerabilities. This writeup demonstrates how I chained LFI, JWT bypass, and SSRF to achieve RCE.

Box Info

Name: The Magic Informer
Type: Challenge
Difficulty: Easy
Creator: Rayhan0x01 & makelaris
Release Date: 17 December 2022

Reconnaissance

Application Overview

The web application features:

HTB Passman

Passman is an easy-rated HackTheBox machine featuring a Node.js password manager vulnerable to IDOR via GraphQL mutations. This writeup demonstrates how I exploited an authorization flaw to change admin passwords and retrieve the flag.

Box Info

Name: Passman
OS: Linux
Difficulty: Easy
Creator: xclow3n
Release Date: 27 Oct 2022

Reconnaissance

Application Overview

The web application presents a password manager interface:

Hijacking Sessions with postMessage: The Silent DOM XSS Threat

Discovery Date: 18th May 2025

Vulnerability Diagram

Credits to dall-efree.com

Introduction

Imagine a bank teller who accepts withdrawal slips from anyone without checking IDs. A hacker slips in a fake note saying, “Give all money to me,” and the teller blindly obeys.

That’s exactly what happens in this DOM XSS vulnerability — where a website blindly trusts messages from any sender, allowing attackers to inject malicious scripts.

CVE-2017-3506: OS Command Injection in Alibaba WebLogic

Discovery Date: 16th July 2024


Vulnerability Overview

CVE-2017-3506 is a critical vulnerability in Oracle WebLogic Server (WLS) components that allowed unauthenticated remote code execution via malformed XML data in the WLS Security subcomponent. During a penetration test of Alibaba’s infrastructure, I identified and exploited this vulnerability to gain server access.

Affected Systems

Component          Version
WebLogic Server    10.3.6.0
WebLogic Server    12.1.3.0
WebLogic Server    12.2.1.0 - 12.2.1.2

Discovery Methodology

Initial Reconnaissance

Identified WebLogic servers using: