dxleryt
Security Researcher & CTF Player
3x CVE · HTB #1 Jordan · FlagYard #1 Jordan
CTF Writeups & Posts
CTF challenge solutions, security tutorials, and technical deep dives
Achievements
Certifications, CTF wins, CVEs, and milestones
CVE-2026-26331: yt-dlp Arbitrary Command Injection via --netrc-cmd
Arbitrary command injection in yt-dlp's --netrc-cmd option allows an attacker to execute OS commands via a maliciously crafted URL, exploitable through HTTP redirects.
CVE-2026-25731: Calibre Templite SSTI to Arbitrary Code Execution
Server-Side Template Injection vulnerability in Calibre's Templite engine allows arbitrary Python code execution via user-supplied HTML export templates in versions ≤ 9.1.0.
HotelDruid 2.2.3: SQL Injection in disponibilita.php
SQL injection vulnerability in HotelDruid 2.2.3 via unsanitized inizioperiodo and fineperiodo parameters in disponibilita.php, allowing full database extraction.
HackTheBox #1 Jordan
Achieved #1 ranking on HackTheBox in Jordan through consistent machine pwning, ProLab completions, and challenge solving.
FlagYard #1 Jordan
Achieved #1 ranking on FlagYard in Jordan through CTF challenge solving and consistent performance in competitive cybersecurity.
CVE-2024-41570: Havoc C2 Authenticated RCE via SSRF Chain
Authenticated Remote Code Execution in the Havoc C2 framework by chaining SSRF with command injection to execute arbitrary commands on the teamserver.