LiteLLM, an open-source proxy server for language model APIs, had two vulnerabilities allowing remote code execution via a standard API key. These exploits stemmed from environment variable disclosure and a Jinja2 server-side template injection. Both vulnerabilities were addressed in the v1.84.0-rc.1 patch, implementing multiple security measures.
No Tokens Required: A Movie Power Virtual Reality Breakout Exploit
During summer 2024, I went on holiday and encountered multiple virtual reality (VR) arcades containing a vulnerability which allowed me to breakout and pop a Windows command prompt on the arcade machine.
mast1c0re: Part 3 – Escaping the emulator
Introduction In the previous post, we developed a traditional stack buffer overflow exploit in the Okage: Shadow King game which resulted in us being able to execute arbitrary code from within a PlayStation 2 ELF that was embedded inside the exploitable game save file. In…
mast1c0re: Part 2 – Arbitrary PS2 code execution
In this post we develop a stack-buffer overflow exploit for the PS2 Okage: Shadow King game.
mast1c0re: Part 1 – Modifying PS2 game save files
Modifying PS2 game save files by creating a PSU file format parser.
mast1c0re: Introduction – Exploiting the PS4 and PS5 through a game save
Introduction The following multi-part blog series will cover how I (McCaulay Hudson) developed the mast1c0re exploit on both the PlayStation 4 and PlayStation 5. The initial research on the vulnerabilities used within this blog series were conducted by CTurtE with assistance from flatz, balika011, theflow0,…