/A minimal, responsive and feature-rich Jekyll theme for technical writing. 2026-05-24T09:59:05+00:00 Mustafa Eltayeb Saad / Jekyll © 2026 Mustafa Eltayeb Saad /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png 2026-05-24T00:01:00+00:00 2026-05-24T09:58:44+00:00 /posts/monitor4/ mustafa_altayeb

Walkthrough of the MonitorsFour machine – web app enumeration, Cacti RCE, Docker API abuse for root

2026-05-20T00:07:00+00:00 2026-05-22T07:56:21+00:00 /posts/Infinity-SQL-injection-Opengate/ mustafa_altayeb

A walkthrough of exploiting SQL Injection in a login form on Infinity platform. By injecting a boolean condition and switching comment syntax from -- to `#`, we bypassed authentication and gained access to the application.

2026-05-20T00:06:00+00:00 2026-05-22T07:56:21+00:00 /posts/Infinity-SQL-injection-Second-Strike/ mustafa_altayeb

A walkthrough of exploiting Second-Order SQL Injection in an update username feature on Infinity platform. By injecting into an UPDATE query, we escalated privileges from a regular user to admin without needing to know any credentials.

2026-05-20T00:04:00+00:00 2026-05-22T07:56:21+00:00 /posts/Infinity-SQL-injection-Username/ mustafa_altayeb

A walkthrough of exploiting Boolean-based SQL Injection in a registration form on Infinity platform. By crafting true/false conditions and automating character extraction with Python, we recovered user passwords from the database.

2026-05-20T00:04:00+00:00 2026-05-22T07:56:21+00:00 /posts/Infinity-SQL-injection-Login_login/ mustafa_altayeb

A walkthrough of exploiting a Boolean-based SQL Injection vulnerability in a login form on Infinity platform. By injecting a true condition into the username field, we bypassed authentication without knowing any credentials.