Among the many web vulnerabilities, my favorite is prototype pollution. It can be surprisingly powerful once you find a script gadget to chain it with.

So, I decided to make an XSS challenge about prototype pollution.

The challenge I made was released on Intigriti in April; if you haven't tried it yet, here is the link: https://challenge-0422.intigriti.io/

Making a good challenge is hard.

I made a few mistakes, and the resulting bugs made the challenge much easier than intended. To make up for it, I decided to make another one, called “The Revenge of Intigriti 0422 Challenge”.

Below is the intended solution to the revenge challenge.

Challenge URL: https://aszx87410.github.io/xss-challenge/revenge-of-intigriti-0422

Read More

There were two difficult Web challenges this time. I solved one; the other went unsolved, but its solution is worth a look. Here's a brief summary.

Read More

If you want to create a new browsing context from a web page, there are essentially only two options: embed the resource in the same page with a tag such as iframe, embed, or object, or open a separate window with window.open.

Every front-end developer is familiar with these: you may have used an iframe to embed a third-party page or widget, or window.open to open a new window that talks back to the original one through window.opener.

From a security perspective, however, iframes have many interesting properties that show up both in real-world bugs and in CTF challenges, so in this article I want to record some of the behaviors I learned about recently.

Read More

ERPNext is a popular open-source ERP (Enterprise Resource Planning) system built on the Frappe Framework.

Last December, we found two vulnerabilities in the latest version of ERPNext: SSRF (Server-Side Request Forgery) and account takeover via XSS. Both can be exploited by a low-privileged authenticated user.

By exploiting the SSRF, an attacker could read credentials from the cloud instance metadata service, which may lead to RCE. The XSS makes it possible to take over other users' accounts.

We reported both vulnerabilities on November 25th, 2021. At the time of writing, there is still no fix for those two issues, so we decided to publish the details to inform the public about the risk.
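
The metadata-service angle is generic to any SSRF in a cloud-hosted application, so here is an added example of the check a server should apply before fetching a user-supplied URL. It is not ERPNext or Frappe code and says nothing about how the ERPNext bug itself works; the function names, the injectable `resolver` parameter and the sample URLs are all assumptions made for the example. It rejects non-HTTP schemes, literal and DNS-resolved addresses inside the metadata, loopback, private and link-local ranges, unwraps IPv4-mapped IPv6 literals, and returns the resolved IP so the caller can connect to that exact address rather than resolve the name a second time (the DNS-rebinding caveat).

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Address ranges an SSRF must never reach from a cloud-hosted app.
# 169.254.169.254 is the instance metadata service (IMDS) on AWS, GCP, Azure
# and others; fd00:ec2::254 is the AWS IPv6 IMDS endpoint. The rest cover
# loopback, RFC 1918, link-local, CGNAT and "this host" addresses.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "169.254.0.0/16", "fd00:ec2::254/128",
    "127.0.0.0/8", "::1/128",
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10",
    "0.0.0.0/8", "::/128", "fe80::/10", "fc00::/7",
)]


def is_blocked(addr):
    """True if addr (an ipaddress object) falls inside a blocked range.

    IPv4-mapped IPv6 addresses such as ::ffff:169.254.169.254 are unwrapped
    first, since an IPv4-only check would otherwise let them through."""
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    # `addr in net` is False when the IP versions differ, so no filtering needed.
    return any(addr in net for net in BLOCKED_NETWORKS)


def check_outbound_url(url, resolver=socket.getaddrinfo):
    """Validate a user-supplied URL before the server fetches it.

    Returns (True, pinned_ip) when the URL may be fetched, or (False, reason).
    The caller must connect to pinned_ip instead of resolving the hostname
    again; otherwise a DNS-rebinding attacker passes this check with a public
    record and flips it to 169.254.169.254 before the real request goes out.

    `resolver` is a hypothetical parameter so the check can be exercised
    without network access; it defaults to the real socket.getaddrinfo.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme %r not allowed" % parts.scheme
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return False, "invalid port"
    try:
        # Literal IP (urlsplit already strips IPv6 brackets): no DNS involved.
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        try:
            infos = resolver(host, port, proto=socket.IPPROTO_TCP)
        except socket.gaierror as exc:
            return False, "cannot resolve %s: %s" % (host, exc)
        addrs = [ipaddress.ip_address(info[4][0]) for info in infos]
    # Reject if *any* answer is internal: an attacker-controlled zone can mix
    # public and internal records and let the client pick whichever it likes.
    for addr in addrs:
        if is_blocked(addr):
            return False, "%s resolves to blocked address %s" % (host, addr)
    return True, str(addrs[0])


if __name__ == "__main__":
    # Constructed sample inputs, typical of what an SSRF payload looks like.
    for u in ("http://169.254.169.254/latest/meta-data/iam/security-credentials/",
              "http://[::ffff:169.254.169.254]/",
              "file:///etc/passwd",
              "http://203.0.113.10/webhook"):
        print(u, "->", check_outbound_url(u))
```

Two points a practitioner should keep in mind: the allow decision is only meaningful if the HTTP client is then pointed at the pinned IP (with the original hostname kept for the Host header and TLS SNI), and redirects must be re-validated with the same function, since a public server can 302 to the metadata address.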

Read More