Race Condition, OAuth without state and redirection into XSS & RCE via HTML2PDF - PhantomFeed HTB University 2023

Exploiting a Race Condition, OAuth without state and redirection into XSS & RCE via HTML2PDF to solve the last web challenge PhantomFeed from HTB University 2023

XSS, Race Condition, XS-Leaks and CSP & iframe's sandbox bypass - LakeCTF 2023 GeoGuessy

Exploiting XSS, XS-Leaks or Race condition to steal bot's GPS coordinates.

Nginx configuration bypass & Forging HTTP request - FCSC2023 Follow The Rabbit

Forging custom a HTTP request to bypass a restrictive Nginx configuration. Writeup of the challenge Follow The Rabbit of FCSC2023.

Abusing FindFirstFile to do PHP Session Hijacking - THCon23 Demo App

Abusing the FindFirstFile Windows API function to do PHP Session Hijacking via Path Traversal. Writeup of the Demo App challenge of the THCon23 CTF.

Server-Side Prototype Pollution on a WebSocket server - BreizhCTF Ariane Chat

Use a Server-Side Prototype Pollution to get an admin account on a Socket.IO chat server. Writeup of the Ariane Chat challenge of the BreizhCTF 2023.