Offensive security research hub
Discover original 0-days, detailed advisories, and the people behind them.
At Pentest-Tools.com, we publish offensive security research the way we practice pentesting: transparent, evidence-backed, and always focused on what matters most for practitioners.

The latest vulnerabilities our team discovered
PTT-2025-001 - DreamFactory
Our team discovered a critical path traversal vulnerability in DreamFactory (df-core 1.0.3). An authenticated user can bypass file upload restrictions and write malicious PHP files directly to the server's public web directory. By simply masking the payload as an SVG image, an attacker can easily achieve full Remote Code Execution (RCE).
PTT-2025-021 - AWStats
We found a high-severity flaw in AWStats 7.9 related to how it processes DNS cache files. If an attacker can modify the configuration file and control specific filenames, they can trick the application into executing arbitrary system commands instead of reading a file. This exploit can lead to a full reverse shell on the target system or, in specific scenarios, to a breakout from restricted environments such as cPanel's jailshell.
PTT-2025-023 - SyncFusion
While testing Syncfusion v30.1.37, we identified multiple Stored Cross-Site Scripting (XSS) vulnerabilities in features like the chat interface and document comment replies. Because these specific input fields lack proper sanitization, attackers can inject malicious scripts using basic image tags. In a live application, this means malicious code could automatically execute whenever a user views a compromised document or opens a chat.
Our latest write-ups
Exploiting a 25-year-old flaw in cPanel's AWStats
Our AWStats analysis shows how legacy third-party software becomes a major security liability in hosting environments like cPanel. See how we discovered CVE-2025-63261 and how attackers leverage it to escape restricted shells and execute system commands.

Weaponizing SessionReaper in Magento 2
See how we developed a highly accurate exploit for SessionReaper (CVE-2025-54236), a critical account takeover vulnerability in Magento 2 and Adobe Commerce. This includes how we bypassed security to hijack accounts without credentials, how we automated the attack, and how to mitigate the risk.

Researcher profiles
Meet the offensive security specialists at Pentest-Tools.com.
Explore their discoveries, from zero-click RCE chains to responsibly disclosed CVEs - all documented in transparent, indexable advisories.

Matei Badanoiu
Offensive Security Research Lead
Matei "Mal" Badanoiu, widely recognized in the global security community as "CVE Jesus", is the Offensive Security Research Lead at Pentest-Tools.com.
An OSCP and OSCE certified expert, Matei first gained international acclaim with Team Romania’s historic European championship victory at ECSC2019. His achievements earned him a place in Forbes' 30 Under 30 for his contributions to the "golden generation" of Romanian cybersecurity.
Author profile // Wiz // Rapid7 // Github // DefCamp // SciProfiles // Calea Europeana // Forbes
Vision and impact
Championing a practitioner-led approach, the team provides the foundational research that takes our custom detections to the next level. They actively uncover previously undiscovered 0-days or create proofs of concept for theoretical 1-days and help build the tools to safely exploit them, such as the automated, highly accurate SessionReaper module (CVE-2025-54236). This work fuels our Adversarial Exposure Validation (AEV) capabilities, giving you definitive proof of compromise that far exceeds the utility of standard vulnerability scanners.
Challengers and innovators
The Pentest-Tools.com offensive research team is driven by high-fidelity results. Rather than stopping at theoretical discoveries, they make sure the internal "PoC||GTFO" mantra gets respected. By transforming complex exploits into practical write-ups and product capabilities, the team bridges the gap between raw vulnerability data and actionable offensive insights.
Inside the Pentest-Tools.com offensive security research hub
This hub shares our vulnerability research in an open and practical way, building on the community’s long tradition of shared knowledge and collaboration.
By showing how we discover and validate vulnerabilities, we aim to contribute to raising the bar for both attackers and defenders - and to encourage more research in the process.
Why we publish our research
We believe vulnerability research is not just about finding flaws.
This hub makes our research accessible to everyone who shares the same goals: security researchers, internal teams, MSPs and MSSPs, consultants, and other decision-makers who need validated insights to act with confidence.
We prove exploitation paths with clarity and evidence
We support responsible disclosure so vendors can patch faster
We help practitioners understand real-world attack chains - not just CVE IDs
We show how vulnerabilities connect, sometimes chaining into zero-click RCEs
What you’ll find here
TL;DR - Advisories you can act on, research you can trust.
Advisories
Detailed write-ups of vulnerabilities our research team discovered, including technical breakdowns, impact summaries, and disclosure timelines.
Researcher profiles
Meet the offensive security specialists behind the findings.
Methodology
How we approach security research and handle responsible disclosure.
Offensive security research that speaks in proof
Detect 16,600+ vulnerabilities and validate your real-world risk with 180+ automated exploits.

