Categories
2023
Race Condition, OAuth without state and redirection into XSS & RCE via HTML2PDF - PhantomFeed HTB University 2023
![Featured image of post Race Condition, OAuth without state and redirection into XSS & RCE via HTML2PDF - PhantomFeed HTB University 2023](/img/htbuniv2023-phantom-feed/banner.png)
XSS, Race Condition, XS-Leaks and CSP & iframe's sandbox bypass - LakeCTF 2023 GeoGuessy
![Featured image of post XSS, Race Condition, XS-Leaks and CSP & iframe's sandbox bypass - LakeCTF 2023 GeoGuessy](/img/lakectf2023-geoguessy/banner.png)
Nginx configuration bypass & Forging HTTP request - FCSC2023 Follow The Rabbit
![Featured image of post Nginx configuration bypass & Forging HTTP request - FCSC2023 Follow The Rabbit](/img/follow-the-rabbit/banner.png)
Abusing FindFirstFile to do PHP Session Hijacking - THCon23 Demo App
![Featured image of post Abusing FindFirstFile to do PHP Session Hijacking - THCon23 Demo App](/img/thcon23-demoapp/windows.png)
Server-Side Prototype Pollution on a WebSocket server - BreizhCTF Ariane Chat
![Featured image of post Server-Side Prototype Pollution on a WebSocket server - BreizhCTF Ariane Chat](/img/arianechat-breizhctf/banner.png)
Exfiltration of secrets using an XS-Leaks - HackTM Secrets
![Featured image of post Exfiltration of secrets using an XS-Leaks - HackTM Secrets](/img/secrets-hacktmctf/banner.png)