#24

&& instead of || leads to an RCE

Assetnote's blog is a gift that keeps on giving. This time, Shubs found a vulnerability that originated in a very simple mistake: in an if statement, the AND operator (&&) was used instead of the OR operator (||). This simple mistake led to the RCE in the Dynamicweb...

Solving a CTF task by ASCII-only JAR webshell

This writeup from Real World CTF 2022 by LiveOverflow's team is absolutely mental. He shows the whole process of what solving a properly hard CTF task looks like, including the problems and the ideas that did not work out. The exploit ends in creating an ASCII-only .jar file...

OAuth + ../ + postMessage bug = account takeover

OAuth account takeovers via open redirects have become less common these days: most implementations force developers to specify strict allowlists of permitted redirect domains, so it's not possible to fiddle with them. However, sometimes you can chain it with another...

Web3 learning corner #2

First, I decided to rename the Blockchain learning corner to Web3 learning corner - the name seems more appropriate, as I was not learning Blockchain itself but Blockchain-related technologies, and Web3 is a widely accepted way to describe them. With that sorted out,...

Nuclei Burp Plugin

I know a lot of hackers use nuclei. If you are using it too, definitely check out the Nuclei Burp plugin, which allows generating nuclei templates straight from Burp Suite. It's not in the BApp Store, so you have to install it manually from the .jar file...