In this blog post I will describe how I replicated python’s SimpleHTTPServer functionality in go using only the standard libraries. This is a very technical post and will guide through the complete implemention of it. It is aimed at go beginners and intermediates.

The Secure File Transfer Solution Qiata by Secudos suffers from two vulnerabilities. One persistent Cross-Site Scripting and one Authenticated OS Command Injection with Privilege Escalation. This post will describe the vulnerabilities in detail.

INNEO Startup Tools has a path traversal vulnerablility in versions up to 2018 M040 (13.0.70.3804). This post will show the details of the vulnerability and how to leverage it to gain RCE.