The Nitro generation tools thing is common in Discord now, but none of the tools actually works, so I decided to take it to the next level, and reverse the actual tokens in hopes of finding a better way of generation. - NOTE: This is just for research, I will…

A vulnerability can allow an attacker to guess the automatically generated development mode secret token. Ruby-on-Rails when it is running in development mode. In development mode, it is possible for an attacker to guess the key used to secure the sessions. Decryption: Key Generate: Rails uses 3 environments (development,test,production), when an application uses…

Exploitation of CVE-2018–18925 a Remote Code Execution against the Git self hosted tool: Gogs. Gogs is based on the Macaron framework. The system used to manage session is very similar to what PHP does. The session identifier in the cookie is mapped to a file on the file system. …