https://www.turb0.one Bits, bytes, and bad ideas en-us Tue, 16 Dec 2025 03:05:53 +0000 Tue, 16 Dec 2025 03:05:53 +0000 60 https://www.turb0.one/pages/Vega_CVE-2025-59840:_Unusual_XSS_Technique_toString_gadget_chains.html https://www.turb0.one/pages/Vega_CVE-2025-59840:_Unusual_XSS_Technique_toString_gadget_chains.html Vega CVE-2025-59840: Unusual XSS Technique toString gadget chains Sat, 29 Nov 2025 18:36:29 +0000 https://www.turb0.one/pages/Abbreviated_Reproduction_of_CVE-2025-55315_(Critical_9.9_ASP.NET_Kestrel_HTTP_Request_and_Response_Smuggling).html https://www.turb0.one/pages/Abbreviated_Reproduction_of_CVE-2025-55315_(Critical_9.9_ASP.NET_Kestrel_HTTP_Request_and_Response_Smuggling).html Abbreviated Reproduction of CVE-2025-55315 (Critical 9.9 ASP.NET Kestrel HTTP Request and Response Smuggling) Thu, 16 Oct 2025 15:07:10 +0000 https://www.turb0.one/pages/From_Component_to_Compromised:_XSS_via_React_createElement.html https://www.turb0.one/pages/From_Component_to_Compromised:_XSS_via_React_createElement.html From Component to Compromised: XSS via React createElement Sat, 11 Oct 2025 14:49:09 +0000 https://www.turb0.one/pages/Following_The_JSON_Path:_A_Road_Paved_in_RCE.html https://www.turb0.one/pages/Following_The_JSON_Path:_A_Road_Paved_in_RCE.html Following The JSON Path: A Road Paved in RCE Tue, 03 Jun 2025 23:42:37 +0000 https://www.turb0.one/pages/New_DOM_XSS_in_Old_Swagger_UI_v2.2.8.html https://www.turb0.one/pages/New_DOM_XSS_in_Old_Swagger_UI_v2.2.8.html New DOM XSS in Old Swagger UI v2.2.8 Tue, 18 Feb 2025 23:42:37 +0000 https://www.turb0.one/pages/DOM_XSS_in_CyberChef:_Traversing_Multiple_Execution_Contexts.html https://www.turb0.one/pages/DOM_XSS_in_CyberChef:_Traversing_Multiple_Execution_Contexts.html DOM XSS in CyberChef: Traversing Multiple Execution Contexts Thu, 07 Nov 2024 17:25:28 +0000 https://www.turb0.one/pages/Weaponizing_Chrome_CVE-2023-2033_for_RCE_in_Electron:_Some_Assembly_Required.html https://www.turb0.one/pages/Weaponizing_Chrome_CVE-2023-2033_for_RCE_in_Electron:_Some_Assembly_Required.html Weaponizing Chrome CVE-2023-2033 for RCE in Electron: Some Assembly Required Tue, 12 Mar 2024 21:30:17 +0000 https://www.turb0.one/pages/Burster_Shell:_Spawn_Children_of_Arbitrary_Processes.html https://www.turb0.one/pages/Burster_Shell:_Spawn_Children_of_Arbitrary_Processes.html Burster Shell: Spawn Children of Arbitrary Processes Wed, 18 Oct 2023 21:42:26 +0000 https://www.turb0.one/pages/Discovering_RCE_in_Repository_Onboarding_Code.html https://www.turb0.one/pages/Discovering_RCE_in_Repository_Onboarding_Code.html Discovering RCE in Repository Onboarding Code Sun, 11 Jun 2023 17:46:52 +0000 https://www.turb0.one/pages/Byte_Macro:_Implementing_an_Obscure_Telnet_Option.html https://www.turb0.one/pages/Byte_Macro:_Implementing_an_Obscure_Telnet_Option.html Byte Macro: Implementing an Obscure Telnet Option Sun, 15 Aug 2021 21:26:11 +0000 https://www.turb0.one/pages/Multicall_Binary_Packer.html https://www.turb0.one/pages/Multicall_Binary_Packer.html Multicall Binary Packer Wed, 28 Apr 2021 17:47:27 +0000 https://www.turb0.one/pages/Using_Discord_Desktop_for_Backdoor_Persistence.html https://www.turb0.one/pages/Using_Discord_Desktop_for_Backdoor_Persistence.html Using Discord Desktop for Backdoor Persistence Wed, 25 Mar 2020 18:32:23 +0000 https://www.turb0.one/pages/Invisible_Javascript_Malware.html https://www.turb0.one/pages/Invisible_Javascript_Malware.html Invisible Javascript Malware Wed, 02 Oct 2019 21:55:15 +0000 https://www.turb0.one/pages/Custom_Blog_CMS.html https://www.turb0.one/pages/Custom_Blog_CMS.html Custom Blog CMS Wed, 19 Jun 2019 18:31:41 +0000