- Published on
SSTI in Web pokemon starter pick challenge
All Posts
- Published on
Underflow exploit- Published on
Track a target based on a phone number- Published on
Random seed but with low value that can be bruteforced- Published on
Unity3D Gacha Game system : Solved using DNSpy, Cheatengine and Wireshark as no server side verification- Published on
Exploit example of a bufferoverflow on the OSCP exam- Published on
Exploit zip with ascci SHA 1 representation- Published on
Python jail with blacklist containg all letters + "." Unicode and octal is key- Published on
Python jail with blacklist containg all letters + "." Unicode and octal is key- Published on
Python jail with no builtins, using os._wrap_close to get the flag- Published on
Python jail with no builtins, "__" filters and size limitation. Unicode and _frozen_importlib_external.FileLoader was the solution- Published on
Exploit MacOS autologon feature- Published on
Getting secrets through stacktraces with flask- Published on
Getting secrets through stacktraces with flask- Published on
Getting secrets through stacktraces with flask