Stigward's Security Journal

Rooting the FiiO M6 - Part 2 - Writing an LPE Exploit For Our Overflow Bug

Overview: A little over a month ago, I wrote a blog post detailing how I found a kernel vulnerability in the FiiO M6 Hi-Fi MP3 player. I would recommend reading that post first, but to recap: T...

Rooting the FiiO M6 - Part 1 - Using the "World's Worst Fuzzer" To Find A Kernel Bug

Overview: A few months ago, I was cleaning off my hardware workbench when I came across my FiiO M6, an Android-based “portable high-resolution lossless music player”. I originally purchased the dev...

UAF and House Of Force Fun - ROMHack CTF Swordmaster Pwn Challenge

Swordmaster Pwn Challenge Overview: This challenge was part of the ROMHack CTF hosted on HackTheBox’s CTF platform. At the end of the 48 hour event, the challenge had roughly 10 solves. I was sadl...

Wavlink Command Injection - CVE-2022-23900

Wavlink Command Injection (CVE-2022-23900) TL/DR: The Wavlink WL-WN531P3 router exposes an API endpoint susceptible to command injection. This API endpoint is reachable without an authenticatio...

JWT Confusion and SSTI - CyberSanta CTF Naughty or Nice Web Challenge

Naughty Or Nice Web Challenge TL;DR: Getting the flag on this challenge requires two separate steps. First, we must obtain access to the admin account by exploiting a flaw in the JWT verification...