Vulnerabilities in Receiving User-Submitted PDF Files Through HTTP(S)

For context; I have a web application that allows users to upload a PDF file from which the web app extracts certain information by parsing it. The app then sends this information to another server for further processing.
The web app is ba… Continue reading Vulnerabilities in Receiving User-Submitted PDF Files Through HTTP(S)

Is there a service that provides an api for running user-provided code in a variety of languages?

I’m attempting to scaffold out a development training project, and am looking for some kind of service that provides an api that I can POST a chunk of code to (in whatever language specified), and return the results or errors of running th… Continue reading Is there a service that provides an api for running user-provided code in a variety of languages?

How to gain code execution through access to CIFS service on Windows?

Is it possible to gain code execution on a machine through access to CIFS service? And if so, how? In my case, I have a valid Kerberos TGS to CIFS service running on a host and I am able to copy and download files. I want to get a shell au… Continue reading How to gain code execution through access to CIFS service on Windows?