$ whoami

Penetration tester who does security research and open source development

ANSI Escape Injection Vulnerability in WinRAR

On 28 February 2024, RARLAB released an update for WinRAR patching an ANSI escape sequence injection vulnerability that I had found in the console versions of RAR and UnRAR, affecting versions 6.24 and earlier. The vulnerability, tracked as CVE-2024-33899 for Linux and Unix systems and CVE-2024-36052 for Windows, allowed attackers to spoof screen output or cause a denial of service (on Linux and Unix). It was patched in version 7....

21 May 2024 · 3 min · Siddharth Dushantha
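The post summary above says the bug let an archive spoof what the console tool printed. The following is an added example, not code from the post or from RARLAB: it assumes the escape sequences arrive inside an archive entry name that a console tool echoes unfiltered (the names, sizes and the `MALICIOUS_ENTRIES` sample are constructed here for illustration). It shows a small simulation of what a terminal would display for such a name, a detector for terminal escape sequences, and the sanitisation a console tool should apply before printing untrusted names.

```python
import re

# Escape sequences a terminal will interpret. Order matters: CSI and OSC must be
# tried before the generic two-byte Fe escape, which does not cover "ESC [" at all.
ANSI_ESCAPE_RE = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"             # CSI: ESC [ <params> <intermediates> <final>
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"  # OSC: ESC ] ... terminated by BEL or ESC \
    r"|\x1b[@-Z\\-_]"                      # other two-byte Fe escapes (ESC D, ESC E, ESC M, ...)
    r"|\x9b[0-?]*[ -/]*[@-~]"              # 8-bit C1 CSI (0x9B) as seen in Latin-1 output
)
CSI_RE = re.compile(r"\x1b\[([0-?]*)[ -/]*([@-~])")

# Constructed sample archive listing (hypothetical names, not from a real archive).
# The first name erases the line it is printed on and rewrites it as "README.txt".
MALICIOUS_ENTRIES = [
    ("payload.exe\x1b[2K\rREADME.txt", 1337),
    ("notes.txt", 42),
]


def contains_ansi(name: str) -> bool:
    """True if the name carries any terminal escape sequence."""
    return ANSI_ESCAPE_RE.search(name) is not None


def sanitize_name(name: str) -> str:
    """Strip escape sequences, then replace any remaining C0/C1 control byte
    (including a bare ESC, CR, TAB and DEL) with '?' so nothing the terminal
    interprets reaches the screen."""
    stripped = ANSI_ESCAPE_RE.sub("", name)
    return "".join(
        c if (32 <= ord(c) < 127 or ord(c) >= 160) else "?" for c in stripped
    )


def simulate_terminal_line(text: str) -> str:
    """Approximate what a terminal shows for one printed line: honours CR
    (cursor to column 0) and CSI 2K (erase whole line), ignores other escapes
    and non-printable bytes. Enough to demonstrate the spoofing effect."""
    buf: list[str] = []
    cursor = 0
    i = 0
    while i < len(text):
        m = ANSI_ESCAPE_RE.match(text, i)
        if m:
            csi = CSI_RE.fullmatch(m.group(0))
            if csi and csi.group(2) == "K" and csi.group(1) == "2":
                buf = []  # erase the line; the cursor column is kept
            i = m.end()
            continue
        ch = text[i]
        if ch == "\r":
            cursor = 0
        elif ch.isprintable():
            while len(buf) < cursor:  # pad if writing past the current end
                buf.append(" ")
            if cursor < len(buf):
                buf[cursor] = ch  # overwrite, as a terminal does
            else:
                buf.append(ch)
            cursor += 1
        i += 1
    return "".join(buf)


def render_listing(entries, sanitize: bool = True) -> list[str]:
    """Produce the lines a console archiver would print for (name, size) pairs."""
    lines = []
    for name, size in entries:
        shown = sanitize_name(name) if sanitize else name
        lines.append(f"{shown:<40} {size:>10}")
    return lines


if __name__ == "__main__":
    raw = render_listing(MALICIOUS_ENTRIES, sanitize=False)
    print("What the user would see without filtering:")
    for line in raw:
        print("  " + simulate_terminal_line(line))
    print("What a filtering tool prints:")
    for line in render_listing(MALICIOUS_ENTRIES):
        print("  " + line)
```

The detector is useful on its own for scanning archive listings in a pipeline; the sanitiser is the fix a console tool should apply. Stripping only the sequences is not enough, which is why the second pass also neutralises bare control bytes such as CR.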

How I was able to bypass my school's security system and gain sudo privileges on the school MacBooks

I am very lucky to go to a school which gives us MacBook Airs to use at school and at home. A few months after I got my MacBook, I started learning about the command line, because why not? Something I noticed while playing around in the terminal was that I was not able to run commands as root. I kept getting this error when running any command with sudo, or if I just ran su:...

22 February 2019 · 3 min · Siddharth Dushantha

Reflected XSS and HTML injection on netlife.no

On the 22nd of October I found that netlife.no was vulnerable to HTML injection and reflected XSS. So you might be wondering why I targeted Netlife. Well, it had only been a few weeks since we had school photos taken, and after a few days we were told to go to fotonorden.no, where we had to enter a code and could then see our images; Foto Norden used Netlife’s service to show and sell the photos to us....

25 October 2018 · 2 min · Siddharth Dushantha