NextJS research, Actions discovery, SSRF, VHOST spoofing & Freemarker SSTI with filter bypass - FCSC 2025 Wirteups
Tags
8 pages
Web
Race Condition, OAuth without state and redirection into XSS & RCE via HTML2PDF - PhantomFeed HTB University 2023
Nginx configuration bypass & Forging HTTP request - FCSC2023 Follow The Rabbit
Abusing FindFirstFile to do PHP Session Hijacking - THCon23 Demo App
Server-Side Prototype Pollution on a WebSocket server - BreizhCTF Ariane Chat
