Windows Stack Buffer Overflow in a real life app — Exploit development — CloudMe_1.11.2 Buffer Overflow-CVE-2018-6892

CloudMe 1.11.2 Buffer OverFlow – Exploit Development.



This is Febin,

Twitter : febinrev

In this post, I am gonna demonstrate a Windows stack buffer overflow and exploit development in CloudMe 1.11.2.

CloudMe is a cloud storage service. This buffer overflow vulnerability was patched and the exploit was released publicly in 2018 (CVE-2018-6892).

This is a Local Privilege Escalation Vulnerability.

This demo will help guys who are preparing for OSCP or equivalent Certifications and also help guys (like me!) who wanna learn advanced hacking and exploit development. There are some executables/apps like “vulnserver” that are intentionally built to be vulnerable for educational purposes, but this is a real life application. So, basically we are developing a real exploit and attacking a real app.

Let's Go!

Higher Submissions Quality Standard


We are happy to be included in the top 5 most promising bug bounty programs of 2021 by TheHackerNews:

The recognition, however, comes with the responsibility – an inalienable part of our project. During the last days we received several complaints about automated submissions of irrelevant findings such as WordPress XMLRPC file existence. The value of such submissions for website owners is at least questionable.

Therefore, as of today, all CWE-200 submissions without practical value – including phpinfo pages – will be rejected and deleted. You may still submit them within the scope of the running bug bounty programs – if the website owner expressly marked that s/he wishes to get such submissions.

We also remind you that the purpose of our project is quality of the submissions, not their quantity. All usage of automated tools will lead to account suspension – let’s bring value to the website owners and suitably support their efforts to secure their websites!

How to bypass mod_security (WAF)

Hello, this time I would like to share with you how to evade the WAF mod_security.

Looking for vulnerable pages, I came across a website and, after spending a little time on it, realized that it could be vulnerable to SQL injection. Then I realized that it was “protected” with mod_security and decided to see if I could skip the WAF.

I share how I did it …

sql injection to bypass Mod_Security

sql injection + bypass Mod_Security


/*!50000%75%6e%69on*/ %73%65%6cect 1



Create encoded sql payloads

In this part I would like to give an example of how to create an encoded payload. First we are going to define the payload that we want to encode: union select 1,2,3,concat(table_name),5 from information_schema.tables table_schema = database(). In this case we are using the payload without any coding, but we have more ways to declare…

Bypass Addslashes using Multibyte Character

I believe this tutorial is neither unique nor new as compared to other tutorials on Securityidiots. Tutorials related to Addslashes bypass can be found easily, but we are trying to make Securityidiots a portal having every shit about SQLi, so this too is worth posting 🙂. Let's Start Our Tutorial With Little Bit…

Routed SQL Injection

Routed SQL Injection may sound a little bit different or tough to many injectors, being a new concept which confuses many of them. Routed SQL injection is a situation where the injectable query is not the one which gives output but the output of injectable query goes to the query which gives…

DIOS the SQL Injectors Weapon

In this post we will only get to know DIOS a little more and introduce some different and new flavors of DIOS. USAGE FOR ALL DIOS: Just put the code in place of the vulnerable column and see the magic. As most of you have seen this one the first DIOS: Above is an Awesome Piece of code…