This year’s 0CTF had a total of three web challenges, one of which was client-side. I only solved this particular challenge and managed to get the first blood. This post will briefly document my solution.
Keyword list:
- CSS injection
- CSS exfiltration
This year’s 0CTF had a total of three web challenges, one of which was client-side. I only solved this particular challenge and managed to get the first blood. This post will briefly document my solution.
Keyword list:
Due to being busy lately, I haven’t been participating in CTFs as much in the past two or three months. However, I still come across some interesting challenges on Twitter. Even though I don’t have time to solve them, I still take notes because if I don’t, I won’t be able to solve them later for sure.
This post mainly documents some web front-end related challenges. Since I might not have personally solved them, the content is based on references from others’ notes, with some personal insights added.
Keyword list:
Did you know that when you discuss SSR with your friends, it’s highly likely that your understanding of SSR differs? Let’s take a few scenarios. Which ones do you consider as SSR?
renderToString to render React into a string, but there is no data. The data is fetched on the frontend.renderToString to output HTML. On the client-side, hydration is performed to make the page interactive.Some people believe that any view generated by the backend is considered SSR, so all scenarios 1 to 5 are SSR. Others think that the frontend must be an SPA for it to be called SSR, so scenarios 2 to 5 are SSR. Yet, some people consider hydration as the key aspect of SSR, so only scenario 5 (or 45) is SSR.
On November 9, 2023, Sentry published an article on their blog titled Next.js SDK Security Advisory - CVE-2023-46729. The article discusses the details of the CVE-2023-46729 vulnerability, including its cause, discovery time, and patching time.
Although the vulnerability was officially announced on 11/9, it was actually fixed in version 7.77.0 released on 10/31. Some time was given to developers to patch the vulnerability.
Now let’s briefly discuss the cause and attack method of this vulnerability.
Both of these competitions had many interesting but challenging problems. I really learned a lot.
Keyword list:
Some websites use GIFs for certain images because they are animated and appear more impressive than static images. Sometimes, the need for an animated image arises, such as in the case of stickers where animation is expected.
However, one of the well-known drawbacks of GIFs is their large file size. Especially on mobile devices with higher resolutions, larger images are required. Even if only a 52px image is displayed, a 156px image needs to be prepared, resulting in increased file size. In terms of web development, it is always better to have fewer and smaller resources to load.
I participated in both of these events to some extent, but I didn’t look at every challenge. This post is just a note to briefly record the solutions, without going into too much detail.
As usual, here are the keywords I noted:
In the monthly challenges at Intigriti, I presented an XSS challenge that I named “Math Jail.” You can find the challenge at the following link: https://challenge-0823.intigriti.io/
Now that the challenge has concluded, I’d like to take this opportunity to discuss the thought process behind creating the challenge and share some of the solutions that were developed.
A while ago, I was busy traveling and didn’t have much time for CTFs. Even if I did participate, I was too lazy to write a writeup, so my last writeup was back in March. I felt it was a shame to break the streak, so I quickly wrote another one to make up for it.
Regarding the three CTFs mentioned in the title, I only participated in GoogleCTF 2023. For the other two events, I only briefly looked at the challenges, so this post will only serve as a note on the challenges and their solutions.
Keyword list:
location.ancestorOriginsdocument.execCommand('undo');Originally, I intended to write this article from a developer’s perspective. However, due to time constraints, I will first write a CTF-oriented article to record this issue. I will write from a developer’s perspective when I have more time.
In short, this article discusses the problems caused by using the following pattern:
const express = require('express')
const app = express()
const port = 3000
app.set('view engine', 'ejs');
app.get('/', (req,res) => {
res.render('index', req.query);
})
app.listen(port, () => {
console.log(`Example app listening on port ${port}`)
})