Search the Pentest-Tools.com Blog

cPanel - The valid, the suspect, and the 3rd party (Part 1)

Ever wondered what you can still do with 25-year-old code in a modern hosting environment? PTT-2025-021 was quite the journey! Unpack this critical RCE we discovered and disclosed, which lets you bypass restricted environments like cPanel's jailshell. In part 1 of 3, we break down how an unsafe Perl "open" function became our ticket to a reverse shell - and how the exploit works.

Year in review: from routine to results in 2025

Security teams had to cover more assets, respond to more CVEs, and explain more findings to more people than ever. And not just explain them - defend them. In front of clients. In front of auditors. In front of leadership that wants to know what actually changed since the last in-depth test.

A comprehensive deep dive into React2Shell (CVE-2025-55182)

React2Shell (CVE-2025-55182) is a CVSS 10.0, pre-auth remote code execution flaw in the React Server Components Flight protocol. This deep dive maps affected React and Next.js versions, explains the deterministic exploit chain, summarizes in-the-wild abuse, and lays out detection, mitigation, and validation steps you can apply in real environments.

How we built an exploit for SessionReaper, CVE-2025-54236 in Magento 2 & Adobe Commerce

Here's how we weaponized SessionReaper (CVE-2025-54236) against Magento 2, chaining ServiceInputProcessor quirks and a session proxy setter to forge customer sessions and hijack accounts. Our lab-tested PoC exposes attack surface, a possible preauth RCE, and an automated exploit - a practical walkthrough for researchers who like coffee strong and bugs reliable.

How web cache poisoning works and how to exploit it

Elevate your next pentest by exploiting web cache poisoning. This deep dive uncovers the RFC nuances, common misconfigurations, and unkeyed request components that transform low-severity injections into critical, widespread compromises. Learn practical detection, exploitation (with PoCs!), and advanced mitigation techniques to weaponize your findings.

What the experts say: Machine learning in offensive security

In this third installment, we stop talking and start listening. We asked seasoned offensive security professionals how they actually use machine learning in the field. Their verdict? ML works, when it’s focused. From spotting phishing entry points to flagging suspicious authentication patterns, the value is real. But it’s not magic. Used blindly, it adds noise. Used wisely, it accelerates analysts.

When severity scores mislead - the case against single-metric risk models

Are you still chasing high CVSS scores? Learn how multi-dimensional risk models reveal what attackers really target.

Beyond the hype: how we built a machine-learning classifier (and refused to call It AI)

How we cut web fuzzing FPs by 50% using Machine Learning

Beyond passive and active - a modern approach to network reconnaissance

This isn't your textbook recon. We're dissecting how modern network analysis blurs 'passive' and 'active,' offering a clearer path to target vulnerabilities.

Next.js security alert - how to attack and fix CVE-2025-29927

A single header bypass can compromise your entire Next.js application. Are you at risk? Find out how to fix CVE-2025-29927.

How to extract TLS secrets from Android apps using Frida and Wireshark

Break Android's TLS fortress! Frida & Wireshark reveal hidden app secrets. Bypass SSL pinning, expose API calls, and master traffic decryption now.