My Profile Photo

Deadpool's Security Blog


Hi, I'm Tushar. I'm a Musician, Magician & a nerd for Application Security. This blog is about some of the stuff I do


  1. Spring Boot RCE

    This is my very frist blog post which was pending for a long time (almost a year). I would like to share a particular Remote Code Execution (RCE) in Java Springboot framework. I was highly inspired to look into this vulnerability after I read this article by David Vieira-Kurz, which can be found at his blog. His article talks about an RCE in the Spring Security OAuth framework and how the Whitelabel error page can be used to trigger code execution. …


  2. Welcome !!

    Hi There! …