CyberDucky | My CyberVerse

Finding a Heap Buffer Over-Read in ascii-view (CWE-125)

Mon, 16 Feb 2026 08:41:45 +0000

Security research isn’t always about flashy exploits or instant remote code execution. Sometimes, the most valuable work is finding small, quiet bugs before they become serious problems.

While reviewing the open-source project ascii-view, I identified a heap buffer over-read vulnerability (CWE-125) affecting the image grayscale conversion logic. Although the issue is not practically exploitable today, it represents a real memory safety flaw that could become exploitable if future changes alter how the leaked data is processed.

This article documents the vulnerability, explains why it happens, demonstrates how it can be reproduced, and shows how it was fixed following responsible disclosure...

Critical SQL Injection Vulnerability Discovered in HortusFox (pending CVE-2025-65298)

Sun, 28 Dec 2025 15:27:01 +0000

Overview

During a security assessment of HortusFox, I identified a critical SQL injection vulnerability that allows any authenticated user to execute arbitrary SQL queries against the application’s database. This flaw enables attackers to extract sensitive data, modify or delete records, escalate privileges, and potentially take full control of the application.

The vulnerability has been confirmed as exploitable, and a tested patch has been provided to the maintainers to enable rapid remediation. Pending: CVE-2025-65298.

Executive Summary

Vulnerability Type: SQL Injection (unvalidated attribute parameter)
Affected File: app/models/PlantsModel.php
Affected Lines: 335, 424, 458
Severity: Critical (CVSS...

CVE-2025-64115: Unvalidated Referer Redirect & SSRF in Movary

Sun, 30 Nov 2025 15:05:23 +0000

Author: Juan Soberanes (CyberDucky)
Date: 2025-10-30
Severity: High (CVSS 8.1)
CVE: CVE-2025-64115
GitHub Advisory: GHSA-pm58-79jw-q79f

References:

Overview

While reviewing the Movary codebase, I discovered a high-severity vulnerability caused by unvalidated use of the HTTP_REFERER header for redirects. This design flaw allowed attackers to abuse application redirect behavior, enabling both open redirect phishing campaigns and potential Server-Side Request Forgery (SSRF) attacks.

This issue was responsibly disclosed to the maintainers and has since been remediated.

Vulnerability Summary

Vulnerability...

Mining Github for CVEs!

Fri, 19 Sep 2025 08:00:04 +0000

Tech Talk: Mining GitHub for CVE Research with an Enhanced Vulnerability Scanner

Abstract

Security research often begins with patterns — where do vulnerabilities come from, what practices make them more likely, and how can we spot them earlier? In this talk, I’ll walk through how I built an OSINT-powered vulnerability scanner for GitHub repositories that blends CVE trend analysis, Semgrep static analysis, and repository health metrics into a unified framework. You’ll see how this approach helped me identify bug-prone projects, optimize scanning for scale, and improve my own CVE research workflow.

Talk Outline

1....

Blind SQL Injection in FireShare, Found in an API sort Parameter

Wed, 20 Aug 2025 19:52:39 +0000

Severity: High
Impact: Sensitive Data Extraction (Usernames, Role Discovery)

How I Found It

While exploring the /api/videos/public endpoint, I noticed the sort parameter was behaving oddly. Instead of rejecting unexpected values, the backend seemed to pass whatever I gave it directly into the query. That raised a red flag.

I suspected SQL injection, but this wasn’t a straightforward one where you instantly see errors or output. Instead, it turned out to be time-based blind SQL injection—which means the attacker gets clues from how long the server takes to respond, even if no data is...

Stored XSS FOUND! In Many Notes, The Best Note Taking APP!

Wed, 20 Aug 2025 19:16:18 +0000

How I Found a Stored XSS in Markdown Rendering

Severity: High (CVSS 7.3)

The Discovery

I was testing the markdown rendering feature in the Many Notes application when something caught my eye. It looked like the application was running user content through a markdown parser and then trying to clean it with DOMPurify. On paper, that sounds safe enough. In practice, it wasn’t.

After a couple of quick checks, I realized I could sneak in a script tag and get it to execute. That meant the app was vulnerable to a classic stored XSS.

...

Blind SQL Injection Found! In Tirreno : Security Analytics

Tue, 05 Aug 2025 23:03:28 +0000

Uncovering a Blind SQL Injection in v0.9.5: A Deep Dive

Overview

In my latest security audit of v0.9.5, I discovered a Blind SQL Injection that allows attackers to infer—and eventually extract—arbitrary data from the database. This blog post walks through:

Vulnerability details

Proof of Concept

Recommended Fixes

Our Vulnerability Disclosure Policy

Read on to learn how this flaw works and how you can protect your own applications.

1. What Is Blind SQL Injection?

Blind SQL Injection is a variant of SQL Injection where the application does not directly return database errors...

XSS Found in Asian Arts Talent Foundation

Tue, 01 Jul 2025 08:40:45 +0000

🐤 CyberDucky Strikes Again: Critical XSS Vulnerability Discovered on AATF Website

Date Discovered: June 20, 2025
Target: Asian Arts Talents Foundation (aatf.us)
Severity: 🔥 High
Vulnerability Type: Reflected Cross-Site Scripting (XSS)
Author: Juan Soberanes – aka CyberDucky 🧠💻

🕵️ Discovery Story

During a routine local assessment using the public Docker container from the Asian Arts Talents Foundation, I uncovered a high-risk vulnerability in one of their endpoints. This wasn’t just any bug – this was a textbook case of Reflected XSS, ripe for exploitation by malicious actors.

No login needed. No fancy...

OSCP Cheatsheet

Thu, 19 Jun 2025 07:18:58 +0000

General

💡 For Finding all important files in Windows `cd c:\Users` then `tree /F`

Important Locations

Windows
Windows

Linux
``` powershell /etc/passwd /etc/shadow /etc/aliases /etc/anacrontab /etc/apache2/apache2.conf /etc/apache2/httpd.conf /etc/apache2/sites-enabled/000-default.conf /etc/at.allow /etc/at.deny /etc/bashrc /etc/bootptab /etc/chrootUsers /etc/chttp.conf /etc/cron.allow /etc/cron.deny /etc/crontab /etc/cups/cupsd.conf /etc/exports /etc/fstab /etc/ftpaccess /etc/ftpchroot /etc/ftphosts /etc/groups /etc/grub.conf /etc/hosts /etc/hosts.allow /etc/hosts.deny /etc/httpd/access.conf /etc/httpd/conf/httpd.conf /etc/httpd/httpd.conf /etc/httpd/logs/access_log /etc/httpd/logs/access.log /etc/httpd/logs/error_log /etc/httpd/logs/error.log /etc/httpd/php.ini /etc/httpd/srm.conf /etc/inetd.conf /etc/inittab /etc/issue /etc/knockd.conf /etc/lighttpd.conf /etc/lilo.conf /etc/logrotate.d/ftp /etc/logrotate.d/proftpd /etc/logrotate.d/vsftpd.log /etc/lsb-release /etc/motd /etc/modules.conf /etc/motd /etc/mtab /etc/my.cnf /etc/my.conf /etc/mysql/my.cnf /etc/network/interfaces /etc/networks /etc/npasswd /etc/passwd /etc/php4.4/fcgi/php.ini /etc/php4/apache2/php.ini /etc/php4/apache/php.ini /etc/php4/cgi/php.ini /etc/php4/apache2/php.ini /etc/php5/apache2/php.ini /etc/php5/apache/php.ini /etc/php/apache2/php.ini /etc/php/apache/php.ini /etc/php/cgi/php.ini /etc/php.ini /etc/php/php4/php.ini /etc/php/php.ini /etc/printcap /etc/profile...

Offensive OSINT for Finding Software Vulnerabilities

Sun, 16 Feb 2025 16:48:40 +0000

Finding Software Vulnerabilities

I’m sure you have heard of Zero Days. They are bugs that have not been found by anyone. Imagine finding one of these and reporting it as a CVE before a malicious hacker does? YOU WOULD SAVE THE PLANET . All materials are freely available at cyber-ducky.com, and will remain available after the workshop ends.

Learning Objectives

Learn how to analyze code from open source projects for common bugs.

Learn how to look for potential vulnerabilities in documentation and developer forums.

Learn how to do Software Composition Analysis.

Learn how to leverage vulnerability...

Ultimate Guide for Staying Anonymous

Mon, 26 Aug 2024 10:52:25 +0000

Ultimate Guide to Staying Anonymous

Ever wondered how you can truly stay anonymous online ? I will be going over the steps you can do to ensure you stay as anonymous as possible. The outline is in priority order to get you anonymous as soon as possible.

All materials are freely available at cyber-ducky.com, and will remain available after the workshop ends.

Learning Objectives

Learn how to obtain an anonymous phone, pc, debit card and email.

Learn what technologies to use when using your anonymous phone, pc, and email to stay undetected.

Learn how to create social...

Welcome to Cyber Ducky World!

Wed, 19 Oct 2022 23:48:05 +0000

I’d like to first and foremost, welcome you to the world of never ending learning. I created this Cyber Ducky Movement to educate the world about cyber security and technology. There is a beauty in being able to understand very complex systems and then modify them as you please. Everything done in this movement is for educational purposes only. We will explore many aspects of cyber security through analysis, coding, and practice.

What exactly is the Cyber Ducky Movement?

The movement has to do with the origins of the rubber ducky. The rubber ducky has been used for many...