https://le0pard.vercel.app/blog en-us Leopardplaysctf@gmail.com (Yasir Mehmood) Leopardplaysctf@gmail.com (Yasir Mehmood) Mon, 08 Dec 2025 00:00:00 GMT https://le0pard.vercel.app/blog/HTB-Editor-Writeup https://le0pard.vercel.app/blog/HTB-Editor-Writeup This Hack-The-Box Editor write-up details exploiting an unauthenticated XWiki RCE (CVE-2025-24893) to gain an xwiki shell. Plaintext credentials found in config files allow pivoting to the oliver user, while final root access is achieved by abusing Netdata’s SUID ndsudo binary (CVE-2024-32019) through PATH hijacking. Mon, 08 Dec 2025 00:00:00 GMT Leopardplaysctf@gmail.com (Yasir Mehmood) ALL BLOGSHack-The-BoxPentestingSeason-8LinuxEasyXwikiCVE-2025-24893NetdataNdsudoPath-HijackCVE-2024-32019RCEGroovySolrSearchJettySUIDConfig-FileCustom-BinaryPort-ForwardingMega-CLIXMLWhitelist-BypassingPivoting