PentesterLab
pentesterlab.com
did:plc:vsjziuri7y2hxzp3vnazcsoh
New lab: CVE-2026-24895 — FrankenPHP Path Confusion RCE (Unicode)
People think "lowercase it" is harmless. In Unicode it’s not.
Case folding can do weird mappings (Turkish i, Kelvin sign…), and sometimes worse: UTF-8 byte length changes.
Hands-on lab: https://pentesterlab.com/exercises/cve-2026-24895
2026-02-16T01:13:48.049Z
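The byte-length effect the post describes, as an added Go example that is not part of the original post or of FrankenPHP's code: it measures how `strings.ToLower` changes UTF-8 length and shows why an offset found in a lowercased copy cannot be reused on the original string. The function names and sample strings are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// lowerDelta reports how many bytes strings.ToLower adds (+) or removes (-).
func lowerDelta(s string) int {
	return len(strings.ToLower(s)) - len(s)
}

// asciiLower folds only A-Z. Bytes >= 0x80 are untouched, so the result has
// the same byte length as s and every offset is valid in both strings.
func asciiLower(s string) string {
	b := []byte(s)
	for i, c := range b {
		if c >= 'A' && c <= 'Z' {
			b[i] = c + ('a' - 'A')
		}
	}
	return string(b)
}

// naiveIndex (hypothetical) searches a Unicode-lowercased copy; the offset it
// returns belongs to that copy, not to s.
func naiveIndex(s, marker string) int {
	return strings.Index(strings.ToLower(s), marker)
}

// safeIndex (hypothetical) searches a length-preserving copy instead.
func safeIndex(s, marker string) int {
	return strings.Index(asciiLower(s), marker)
}

func main() {
	// Constructed samples: Kelvin sign, dotted capital I, A with stroke.
	for _, s := range []string{"\u212A", "\u0130", "\u023A", "ABC"} {
		fmt.Printf("%q -> %q, byte delta %+d\n", s, strings.ToLower(s), lowerDelta(s))
	}
	in := "\u212A\u212A/File.TXT/rest" // constructed input
	n, g := naiveIndex(in, ".txt"), safeIndex(in, ".txt")
	fmt.Printf("naive %d -> %q, safe %d -> %q\n", n, in[n:n+4], g, in[g:g+4])
}
```

Any code that lowercases a string and then slices the original by the resulting index should either use a length-preserving fold like this or reject input where `lowerDelta` is non-zero.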