Home | chris alupului

./notes

Hey, I'm Chris! A cybersecurity researcher and content creator from United States. Chris Alupului about ethical hacking and penetration testing

CVEs & Disclosure Policy

View my vulnerability discoveries and responsible disclosure timeline

Latest posts

Ghost CMS: Stored XSS in Embed Cards Leading to Owner Takeover - 2026

A low-privileged Contributor can permanently take over a Ghost CMS site Owner account through unsanitized embed card HTML in the admin panel. Ghost declined to patch it.

C Chris Alupului
February 24, 2026
13 min read
hacksmarter: verbose walkthrough

The target was a Flask-based web application vulnerable to multiple critical security flaws...

C Chris Alupului
January 22, 2026
7 min read

#hacksmarter#ethical hacking#web app
hacksmarter: static walkthrough

As a member of the Hack Smarter Red Team, you have been assigned a web application penetration test on a clients employee portal.

C Chris Alupului
January 18, 2026
16 min read

#hacksmarter#AWS#ethical hacking#web app

See all posts →