Summary The codegate was held from February 26th to 27th, but I did not even participate because I was not interested, and I only solved 3 web problems today for study. (Web) CAFE The CAFE cha...

Summary The psg.gsfc.nasa.gov was very vulnerable to Remote Code Execution. Analysis docker pull nasapsg/psg docker run -it -p 3000:3000 nasapsg/psg /bin/sh If you set as above, you can analy...

Summary This weekend, Hayyim Security hosted the CTF, and I participated in it for about 3 ~ 4 hours and I was solved Cyberchef, Not E and Cyber Headchef challenges. (Web) Cyberchef [100 pts] ...

There is no sql injection vulnerability in login logic, and login is generally not possible because there is no user account. def query_login_attempt(): username = flask.request.form.get('use...

Summary The @fabiocaccamo/utils.js is a package that provides methods with multiple functions for the convenience of developers. A vulnerability exists in one method included in this package. ...