Huli's blog
Archive
Categories
About
中文
2023
Jan 23
Intigriti 0123 Challenge Writeup - Second Order MongoDB JS Injection
2022
Oct 05
SekaiCTF 2022 - safelist writeup
Sep 01
Who pollutes your prototype? Find the libs on cdnjs in an automated way
Aug 29
Intigriti 0822 XSS Challenge Author Writeup
Aug 21
corCTF 2022 writeup - modernblog
Jul 11
Insecure Deserialization in JavaScript: GoogleCTF 2022 Web/HORKOS Writeup
Jun 14
justCTF 2022 - Baby XSLeak Write-up
May 05
ångstromCTF 2022 Writeup
May 02
Revenge of Intigriti 0422 Challenge Author Writeup
Apr 25
Intigriti 0422 XSS Challenge Author Writeup
Apr 24
How much do you know about script type?
Apr 14
The Magical Features of RegExp and String Replacement in JavaScript
Apr 13
Notes XSS Challenge Author Writeup
Apr 06
SSRF and Account Takeover via XSS in ERPNext
Mar 30
Sensitive Data Disclosure in WordPress Plugin Amelia < 1.0.49
Feb 14
Intigriti 0222 XSS Challenge Author Writeup
Feb 08
Story of critical security flaws I found in Glints