Myles Nieman

MSSQL

3 writeups

Freelancer

Hard

An IDOR in a base64-encoded OTP URL allows hijacking an admin account on a freelancer platform, exposing an MSSQL terminal; privilege escalation …

Windows

Ghost

Insane

LDAP injection on a Next.js intranet leaks a service-account secret that unlocks Gitea; a custom Ghost CMS file-read exposes an RCE dev key; from …

Windows

Overcertified

Easy

An LDAP service account password stored in its own description field enables BloodHound collection and Kerberoasting of the MSSQLSERVER account; MSSQL …

Windows