($10,890) What is XSS in the ML/AI ecosystem, not only web3.0?

Hi guys, i wanna introduce a way to earn $10k bounty on an open-source projects. a month ago, i reported a bug in the ML Framework. and the bug i found was not critical so i needed to find a way to...

Sep 14, 2023

0-Day, Copy and Paste ReDoS in github.com

Summary In summary, I found a Self-ReDoS vulnerability in the issue feature of github.com and reported it to HackerOne. Analysis function onPaste$1(event) { const { currentTarget: el } = eve...

Aug 5, 2023

Line CTF 2023 Write Up

(Web) Baby Simple Gocurl (Web) Adult Simple Gocurl These two challenges require reading flag in the /flag/ path via SSRF. (Web) Baby Simple Gocurl n.startsWith("https://") || n.startsWit...

Mar 26, 2023

HTB apocalypse CTF 2023 spybug Write Up

spybug require("dotenv").config(); const fs = require("fs"); const path = require("path"); const express = require("express"); const session = require("express-session"); const { createAdmin } =...

Mar 24, 2023

b01lers CTF 2023 Write Up

Summary Cause I was lazy, I didn’t do ctf for a long time. If i say “cause I was busy”, it looks fucking stupid. When I’m solving, the time of ctf is only 5 hours, so i just decided to solve the w...

Mar 20, 2023

1
2
3
...
8
2 / 8