I originally planned to write a more detailed post, but I realized that it might take a long time to publish. So I decided to write a brief version first.

I solved the following four web challenges:

1. Fancy Notes
2. Dumb Forum
3. LESN
4. ptMD

Here are some keywords that might be helpful for future reference:

1. Length extension attack
2. SSTI
3. Mutation XSS <svg><style>
4. <meta name="referrer" content="unsafe-url" />
5. <meta http-equiv="refresh" content="3;url">
6. Puppeteer’s click behavior is to capture the element position and then click the coordinates.

Read More

Recently, I was looking at some WordPress plugins and found that it was a good place to practice because there are many plugins there, and each one has source code that can be viewed. You can do black-box or white-box testing, and installation is also very convenient.

This article will discuss a vulnerability I found a while ago, which uses the most basic and classic attack method, file upload leading to RCE.

Vulnerability ID: CVE-2022-27862
WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.5.3 - Arbitrary File Upload leading to RCE

Read More

I couldn’t participate on the first day of the competition due to some personal matters. When I joined on the second day, I found out that my teammates had already solved most of the web challenges, so there were many challenges that I didn’t get to see.

Since I love JavaScript and XS-leak, I will only write about the two challenges that I found most interesting:

1. web/Sustenance
2. misc/CaaSio PSE

(I may write about another challenge that involves DOMPurify + marked bypass XSS in the future)

Read More

I didn’t check all the challenges this time because when I joined the competition, most of the challenges already solved by my teammates lol

I love JavaScript(yep, including those weird features) and XS-leak, so this writeup will talk about only two challenges:

1. web/Sustenance
2. misc/CaaSio PSE

Read More

Among the many web vulnerabilities, my favorite is prototype pollution. It can be powerful sometimes when you find a script gadget.

So, I decided to make an XSS challenge about prototype pollution.

In April, the challenge I made was released on Intigriti, if you haven’t checked that one, here is the link: https://challenge-0422.intigriti.io/

Making a good challenge is hard.

I made a few mistakes. With the bugs I made, the challenge became much easier. To make up for it, I decided to make another one, called “The Revenge of Intigriti 0422 Challenge”.

Below is the intended solution to the revenge challenge.

Challenge URL: https://aszx87410.github.io/xss-challenge/revenge-of-intigriti-0422

Read More

Challenge URL: https://challenge-0422.intigriti.io/

Read More

A while ago, I happened to play a lot of topics related to content type, so I decided to wrote an article about it.

Read More

Recently, I encountered many problems related to content type, so I decided to write an article to record them.

Read More

It’s a blog post about a few magical features that I have encountered recently. It is not interesting to say it directly. Let’s start with a few small challenges:

Read More

Here are a few magical features that I recently encountered. Let’s start with a few challenges:

Read More