Tag: web

• Performing Supply-Chain Attack in the NodeJS Ecosystem [hands-on exercise] (14 Sep 2024)
  
• Finding RCE in NodeJS templating engine 'Eta' - CVE-2022-25967 (01 Apr 2023)
  
• Uni CTF 2022: UNIX socket injection to custom RCE POP chain - Spell Orsterra (30 Dec 2022)
  
• Business CTF 2022: Chaining Self XSS with Cache Poisoning - Felonious Forums (18 Nov 2022)
  
• Business CTF 2022: H2 Request Smuggling and SSTI - Phishtale (17 Nov 2022)
  
• CA CTF 2022: Exploiting Redis Lua Sandbox Escape RCE with SSRF - Red Island (10 Jun 2022)
  
• CA CTF 2022: Exploiting Zip Slip and Pickle Deserialization - Acnologia Portal (06 Jun 2022)
  
• CA CTF 2022: Exploiting LFR and forging Cookies - Mutation Lab (03 Jun 2022)
  
• Gears of web exploits that sync in harmony; SteamCoin write-up from HTB University CTF 2021 (14 Dec 2021)
  
• HackTheBox CyberApocalypse CTF 21 write-up (24 Apr 2021)
  

---

Tags Archive

ctf write-up web HTB rce scripting CA-CTF nodejs deserialization certifications business-ctf blind-xss uni-ctf ssti ssrf sqli request-smuggling remote-code-execution redteamvillage redteam redis oscp lfr forensic express defcon csrf cookie-forgery zip-slip ysoserial xss xpath-injection websocket web-300 verdaccio unix-socket-injection templating-engine supply-chain-attack steghide sqlmap socks4a snyk self-xss saleae py-jail proxychains prototype-pollution pop-chain pickle-deserialization php-messenger php-gd oswe-prep oswe olevba npm-registry npm node-libcurl nginx misc meterpreter maldoc lfi jwt idat-chunks http2 hardware gopher flask-session eta docker directory-traversal cyberdrill cve-2022-25967 cve-2022-23614 cve-2022-0543 cve-2021-40346 cve-2021-36740 cve-2021-23631 cve-2017-7494 csp-bypass cookie-session cache-poisoning buffer-overflow awae autopsy asti