Express, RCE via File Extension Confusing ≤ V4.18.2
Summary Function call procedure The analysis /lib/application.js#L548L610 /lib/view.js#L52L95 /lib/application.js#L655L661 /lib/view.js#L133L136 How to...
Summary A few days ago, I found an interesting logic in req.query(), which calls the qs module inside req.query(). The qs module limits the number of parameters, and the default limit is 1000. So if we ...
After a long time, I did CTF again. Actually, a few days ago, 김지섭님, a member of zer0pt, asked me to do CCE together, but I refused. The reason was work. But I was able to find 5 XSS from...
I participated in the CTF called SSTF after 5 months. Today, I wrote about how to solve JWT Decoder. ~/Downloads/prob ❯ tree -I "node_modules" . ├── Dockerfile ├── docker-compose.yml ├── flag.txt...
Summary The Outlook Web App service is a mail service provided by Microsoft. A researcher named Max discovered a Copy and Paste XSS vulnerability in the web service in 2021. However, I was able ...