GeistHaus

( ͡◕ _ ͡◕)👌

Part of pwner.gg

Last 10 notes on ( ͡◕ _ ͡◕)👌

FortMajeure: Authentication Bypass in FortiWeb (CVE-2025-52970)
Hello world! Long time no see. I was so busy, mainly with working on symbol.exchange (btw, opened a new “Bug Driven Development” community) and started to try my way in academia.
https://pwner.gg/blog/2025-08-13-fortiweb-cve-2025-52970
FortiWeb Pre-Auth RCE (CVE-2025-25257)
Hey! And welcome to another THEY BURNED MY BUG episode. This time, we introduce CVE-2025-25257. An SQLi that I spotted back in Feb.: "in case someone burn them before i get my bragging rights 8157d42995395ba0c0cfccce37b934ebb63d3d5740ba43eda7fa853f389bca2a8fc4ca6426ae50c7673326eacb6644a8b361ad1051138d04cbd9da8b807a0973" — faulty *ptrrr (@0x_shaq), February 9, 2025. This is a pre-auth SQLi bug that can be leveraged to an RCE in Fortinet’s FortiWeb.
https://pwner.gg/blog/2025-07-10-fortiweb-fabric-rce
Android's CVE-2022-20201 (InstalldNativeService)
Intro: This is another attempt as part of my @vr_progress to hack my old, unpatched OnePlus phone which didn’t get any updates for years. This time I chose CVE-2022-20201, a crafty little bug hiding in one of the subsystems used by Android’s package manager.
https://pwner.gg/blog/Android's-CVE-2022-20201
Android's CVE-2020-0401 (PackageManagerService)
Note: This is another attempt in my Android Side Quest (the previous one was Android’s CVE-2020-0238). Intro: While digging around through my old gadgets, I found my ancient OnePlus phone that had been gathering dust in a drawer.
https://pwner.gg/blog/Android's-CVE-2020-0401
Android's CVE-2020-0238 (AccountTypePreferenceLoader)
Note: This is part of my @vr_progress journal. Also, subscribe to my new @SideQuest_256 channel and I might post videos about the Android journey too :D This is a story about how I wasted my weekend over a bug that was categorized as a High/EoP but then couldn’t find a clever way to elevate privileges with it.
https://pwner.gg/blog/Android's-CVE-2020-0238