Tagged
#Ruby
2 posts
Technical · 10 min
Writing a Metasploit Module for a Pre-Auth SQLi in an LLM Gateway
How I turned CVE-2026-42208 — a time-based blind SQL injection in LiteLLM's proxy — into a benign, lab-verified Metasploit detection module, and what the Rapid7 review cycle taught me about shipping upstream.
Read Technical · 9 min
A Header You Were Never Supposed to Send: Detecting the Next.js Middleware Bypass
CVE-2025-29927 lets an external request skip Next.js middleware entirely — and with it every auth check built there — by sending one header the framework only ever meant to talk to itself. Here's the bug, and the Metasploit scanner I wrote to detect it without touching the data behind the gate.
Read