https://blog.z3r.ru/Recent content on blog.z3r.ruHugoenSun, 16 Nov 2025 23:00:00 +0300https://blog.z3r.ru/posts/qdrant-rce/Sun, 16 Nov 2025 23:00:00 +0300https://blog.z3r.ru/posts/qdrant-rce/Writeup for Qdrant Remote code execution vulnerabilityhttps://blog.z3r.ru/posts/spring-cloud-gateway-spel-vuln/Sun, 21 Sep 2025 00:00:00 +0300https://blog.z3r.ru/posts/spring-cloud-gateway-spel-vuln/Bypassing some restrictions in Spring Cloud Gateway filters to DoS, secrets leak or RCEhttps://blog.z3r.ru/posts/volgactf2025-s3waaas/Wed, 17 Sep 2025 18:55:00 +0400https://blog.z3r.ru/posts/volgactf2025-s3waaas/Writeup for VolgaCTF 2025 A/D service s3waaas, a vulnerable S3 implementation with analytics via ClickHousehttps://blog.z3r.ru/posts/content-disposition-attachment-bypass/Wed, 28 May 2025 02:20:39 +0300https://blog.z3r.ru/posts/content-disposition-attachment-bypass/Exploring techniques to bypass Content-Disposition: attachment header restrictions.https://blog.z3r.ru/about/Fri, 23 May 2025 00:20:39 +0300https://blog.z3r.ru/about/<p>Hello. My name is Egor Zonov aka ezzer. I play CTFs with the <a href="https://ctftime.org/team/586">Bushwhackers</a> team, work in application security and sometimes do vulnerability research. You can find some of my work on this website.</p> <div class="socialNavbar" style="text-align: center;"> <ul style="display: inline-block; margin: 0; padding: 0;"> <li> <a href="https://github.com/Ezzer17" target="_blank" aria-label="GitHub" title="github"> GitHub </a> </li> <li> <a href="https://x.com/ez_z3r">X</a> </li> <li> <a href="https://t.me/z3rblog" rel="Blog">Telegram Blog</a> </li> <li> <a href="mailto:zonoveg@gmail.com">email</a> </li> <li> <a href="https://blog.z3r.ru/index.xml" target="_blank" aria-label="RSS" title="RSS"> RSS </a> </li> </ul> </div>https://blog.z3r.ru/posts/apport-lpe/Fri, 23 May 2025 00:20:39 +0300https://blog.z3r.ru/posts/apport-lpe/Investigating a local privilege escalation vulnerability in Ubuntu&rsquo;s Apport crash reporting system.