iDrive π Nov 1, 2020 · β 4 min read · βοΈ M4t35Z Union-Based SQL injection in a file download functionality leads to arbitrary file read
LaunchR π Nov 1, 2020 · β 4 min read · βοΈ M4t35Z IDOR discloses userid of other users. SSTI discloses SECRET_KEY which was same as the jwt secret. With this, I changed my userid to admin.
Secret Token π Nov 1, 2020 · β 4 min read · βοΈ M4t35Z URL parser regex whitelist bypass with \ (This challenge was based on a real bug in google's main library which was found by a hungarian researcher David SchΓΌtz)