HTB apocalypse CTF 2023 spybug Write Up
spybug require("dotenv").config(); const fs = require("fs"); const path = require("path"); const express = require("express"); const session = require("express-session"); const { createAdmin } =...
Summary Cause I was lazy, I didn’t do CTF for a long time. If I say “cause I was busy”, it looks fucking stupid. When I’m solving, the time of CTF is only 5 hours, so I just decided to solve the w...
Summary Function call procedure The analysis /lib/application.js#L548L610 /lib/view.js#L52L95 /lib/application.js#L655L661 /lib/view.js#L133L136 How to...
Summary A few days ago, I found an interesting logic in req.query() and the call to the qs module inside req.query(). The qs module limits the number of parameters, and the default limit is 1000. So if we ...
After a long time I did a CTF again. Actually, a few days ago, 김지섭님, a member of zer0pt, asked me to do CCE together, but I refused. The reason was work. But I was able to find 5 XSS from...