Categories
2023
Race Condition, OAuth without state and redirection into XSS & RCE via HTML2PDF - PhantomFeed HTB University 2023

XSS, Race Condition, XS-Leaks and CSP & iframe's sandbox bypass - LakeCTF 2023 GeoGuessy

Nginx configuration bypass & Forging HTTP request - FCSC2023 Follow The Rabbit

Abusing FindFirstFile to do PHP Session Hijacking - THCon23 Demo App

Server-Side Prototype Pollution on a WebSocket server - BreizhCTF Ariane Chat

Exfiltration of secrets using an XS-Leaks - HackTM Secrets
