- Name: Muhammedali Aliyev.
- From: Baku, Azerbaijan.
- Day job: Security Researcher & Backend Developer.
- Currently: studying Logistics at Azerbaijan Technical University.
- Also: CVE Author, CTF Challenge Author.
- Off the clock: breaking things for fun, competing in CTFs worldwide.
🛠️ Technologies & Tools
🔴 CVE & Security Research
|
CVE-2026-45430
|
Missing state parameter validation in the Backdrop CMS Salesforce OAuth 2.0 authorization flow.
Callback endpoint was exposed to CSRF attacks enabling unauthorized account linkage and potential account takeover.
Conducted responsible disclosure to the Backdrop Security Team, provided a proof-of-concept, and collaborated on the patch shipped in v1.x-1.0.1.
CVSS: AV:N/AC:H/PR:N/UI:R — C:H/I:H/A:L
📋 NVD Entry | 🔗 GitHub Advisory |
📄 ctf writeups
- ▸ TeleLeak — DawgCTF 2026 — Web Writeup
- ▸ Dust to Dust — Reversing a Custom Image Compressor — DawgCTF 2026
- ▸ BEaLegend — BKCTF 2026 — Web Writeup
- ▸ MyFirstBlog — BKCTF 2026 — Web Writeup
- ▸ TinySQL-1 — BKCTF 2026 — Web Writeup
- ▸ supercool — BKCTF 2026 — Reverse Engineering Writeup
🚀 Featured Projects
🏆 Hackathons & Competitions
Result Event Date
🥇 1st Place CyberStar CTF League — AKTA Apr. 2023
🎖️ Organizer & Author AzTU CTF 2026 — 25 challenges across 6 categories May 2026
🥉 3rd Place Farm2Tour Hackathon — Ministry of Agriculture May 2026
🎯 Finalist Cursor AI Hackathon — Backend & AI Integration Feb. 2026
🎯 Finalist Industry 4.0 Hackathon — C4IR Azerbaijan Dec. 2025
🎯 Finalist IDDA 1 FinTech Hackathon — Tenity Nov. 2025
📈 Commit Activity
🌐 Contact & Socials

