DigiNews

Tech Watch by Johan Denoyer

← Back to articles

Hacking Apple - SQL Injection to Remote Code Execution

Quality: 9/10 Relevance: 9/10

Summary

The article documents a pre-auth SQL injection vulnerability in Masa/Mura CMS that enables remote code execution via the JSON API, detailing sink-to-source tracing, exploitation steps, and PoC, as well as detection approaches using Nuclei templates and responsible disclosure to Apple and CMS teams.

🚀 Service construit par Johan Denoyer