這兩場比賽都有很多很有趣但也很難的題目,被電得很慘但也學到不少。
關鍵字列表:
- nim json, null byte
- nim request smuggling
- js-yaml
- web worker
- blob URL
- meta redirect
- file protocol & .localhost domain
- sxg: Signed Exchanges
- 431 CSP bypass
- DOM clobbering document.body
- ejs delimiter
- Node.js + Deno prototye pollution gadget
- XSleaks golang sort