Bot Takeover 0x1
· β 5 min read · βοΈ M4t35Z
Command injection in a discord BOT
ctf
iDrive
· β 4 min read · βοΈ M4t35Z
Union-Based SQL injection in a file download functionality leads to arbitrary file read
LaunchR
· β 4 min read · βοΈ M4t35Z
IDOR discloses userid of other users. SSTI discloses SECRET_KEY which was same as the jwt secret. With this, I changed my userid to admin.
Secret Token
· β 4 min read · βοΈ M4t35Z
URL parser regex whitelist bypass with \ (This challenge was based on a real bug in google's main library which was found by a hungarian researcher David SchΓΌtz)