My First Medium‑Severity Vulnerability: Exploiting Leaked Test Accounts in an EduCN Portal

The author describes discovering a medium‑severity information‑leak vulnerability in an educational portal by using a Google dork to locate a file exposing three default test accounts, then logging in with the admin credentials (password 123456) after other attack attempts failed.

Google dorkeducation domaininformation leakage

0 likes · 3 min read

My First Medium‑Severity Vulnerability: Exploiting Leaked Test Accounts in an EduCN Portal

Black & White Path

Apr 27, 2026 · Information Security

How I Exploited Multiple Vulnerabilities in a University System

This article details a step‑by‑step penetration test on a university’s web platform, covering XSS file uploads, JWT tampering for arbitrary login, massive personal data leakage, SQL injection payloads, and the exposure of several AK/SK secrets, all with concrete screenshots and commands.

Penetration TestingSQL InjectionSecurity Research

0 likes · 5 min read

How I Exploited Multiple Vulnerabilities in a University System

Black & White Path

Mar 7, 2026 · Information Security

How I Uncovered Multiple Vulnerabilities in My Alma Mater’s Campus App

The article details an authorized penetration test of a university campus app, revealing sensitive data leakage, horizontal and vertical privilege escalation, face‑photo tampering, and a stored XSS flaw, each demonstrated step‑by‑step with packet captures and screenshots.

Penetration Testinginformation leakagemobile app security

0 likes · 6 min read

How I Uncovered Multiple Vulnerabilities in My Alma Mater’s Campus App

Black & White Path

Feb 20, 2026 · Information Security

5 Hidden Risks of Sharing Workplace Updates on Social Media

The article analyzes how everyday posts on platforms like WeChat, GitHub, and TikTok can be harvested as open‑source intelligence, enabling phishing, BEC, and deep‑fake attacks, and offers concrete mitigation steps for security professionals.

BECOSINTPhishing

0 likes · 9 min read

5 Hidden Risks of Sharing Workplace Updates on Social Media

Programmer DD

Jun 3, 2023 · Information Security

How a Simple API Parameter Leak Exposed Thousands of Student Records

This article details the discovery and exploitation of an API‑based information leakage in a university system, showing how default passwords, missing parameters, and directory depth allowed an attacker to retrieve thousands of student records, and concludes with lessons for security testing.

API vulnerabilitydata exposureinformation leakage

0 likes · 10 min read

How a Simple API Parameter Leak Exposed Thousands of Student Records

Programmer DD

Jun 30, 2021 · Information Security

Exploring Critical Spring Boot Vulnerabilities: Exploits, Analysis, and Mitigation

This article presents a collection of Spring Boot security vulnerabilities, detailing information leakage and remote code execution cases, with step‑by‑step exploitation guides and underlying principles, intended for security research and authorized testing only.

Remote Code ExecutionSecurity ResearchSpring Boot

0 likes · 2 min read

Exploring Critical Spring Boot Vulnerabilities: Exploits, Analysis, and Mitigation