tl;dr
- CVE-2024-6827
- CVE-2024-31617
Web Exploitation, Bug Bounty, Zeroday
CVE, Gunicorn, OpenLiteSpeed
tl;dr
- Reversing Hogan.js
- RCE using Hogan.js
Web Exploitation, Bug Bounty
Hogan_js, Prototype Pollution
tl;dr
- Bypass nginx's DENY ALL using SCRIPT_NAME
- Calculate key_id by uploading flag.txt.enc
- Leak the key and decrypt flag.txt.enc
CTF
Nginx
tl;dr
- HTML injection to XSS
html=</h1></div><code id=intigriti><b><i(('>&xss=));alert(document.domain)
CTF, Labs
Client Side, XSS
tl;dr
- Lab 1 - Prototype pollution in deparam, combined with Reddit's platform.js, leads to XSS
- Lab 2 - Prototype pollution to XSS via arg.js
- Lab 3 - Prototype pollution to XSS via reCAPTCHA
Web Exploitation, Labs
Client Side, Prototype Pollution
tl;dr
- Json_Interoperability - /verify_roles?role=supersuperuseruser\ud800","name":"admin
- Prototype_Pollution - {"constructor":{"prototype":{"test":"123"}}} in config-handler
- RCE using squirrelly-js
CTF, 0days
InCTFi, Json_Interoperability, Prototype Pollution
tl;dr
- Use the prototype pollution vulnerability in fast-json-patch to pollute the value of outputFunctionName
- Get a shell, as the flag can only be obtained using a binary file
CTF
Prototype Pollution, RCE