Cymetrics Tech Blog

Spring4shell - a new critical RCE vulnerability found in Java Spring Framework

Last year, a critical vulnerability in the Java ecosystem named Log4Shell has been found, it is described as a "nuclear bomb-level loophole".Recently, another critical vulnerability has been found in Spring core, because of its similarity to Log4Shell, it's named "Spring4shell".

Sensitive Data Disclosure in WordPress Plugin Amelia < 1.0.49

Amelia is a WordPress plugin for booking systems developed by TNS. With 40,000+ active installations, it has been used for the clinic, hair salon, tutor, and so on.In March, we studied the source code of Amelia and found three vulnerabilities in the end

Why can I only reset the password when I forget it and the system couldn’t tell me my old password?

“Why do you want me to reset my password instead of sending me the old password?”Many people might have the similar doubts like John. Wouldn't it be nice to send me the old password? Why force me to change it?

Taming the OSCP

The break of dawn on a August morning marked the end of my OSCP journey as I waved goodbye to my proctor and finally uploaded the exam report. Half a year ago, I wouldn't have dreamt of obtaining the OSCP, but now with the beast tamed and the struggle over, let me share my (fortunately) fruitful journey with you.

Story of critical security flaws I found in Glints

In July 2021, we found 4 vulnerabilities in Glints. If a malicious actor exploits the vulnerabilities, they could have stolen your resume.

DNS Hacking Basics - DNS and records

We're all too used to exploiting web applications to hijack someone else's website and post our own stuff, but did you know that there's a much easier way to take over a site? To discuss the much overlooked topic of DNS security, first we have to go over the basics of how the DNS functions and what DNS records are.

Cache Strategy In Backend

Cache is one of the most important parts of the backend. We always use cache to improve latency. There are several things worth thinking about more before we implement cache architecture. In this article, I want to briefly discuss some of that.

Understanding Log4j and Log4Shell Vulnerabilities from Surveillance Cameras

There have been many articles providing technical analysis and explanation. I would like to write a more easy-understanding article from a perspective of people with non-technical backgrounds