The article is about how to exploit CSS exfiltration via attr() on Chrome >= 133. Since the release of Chrome 133, it is possible to load resources via image-set(var(--val)) after reading attribute data with attr().
The article is about how I got $10k via an XSS vulnerability in the ML/AI ecosystem. I am sure that many web2.0 researchers have found XSS vulnerabilities, but not everyone gets a big bounty for XSS. So today I want to introduce what we need to do after finding XSS. Actually, every bug can give you a nice bounty, even if it's XSS.
The article is about a 0-day ReDoS vulnerability in github.com. A ReDoS vulnerability is a type of DoS vulnerability that occurs within a regular expression engine. This vulnerability occurred in the paste-markdown module on GitHub.
This article is about an RCE vulnerability that occurs only in highly specific cases in web services using the Express framework. Express is a web framework based on Node.js.
This article is a write-up for CCE 2022. There are only three web challenges, all of which contain RCE, XSS, and SSRF. Actually, someone asked me to play it, but I couldn't join him.