Information Participated with DeadSec CTF 2024 Challenge Author Comment Hello!, This is Little stranger, who participated DeadSec CTF as a web challenge author of Colorful board. Thank you to ever...

Information Team: DeadSec Write up web/zoo feedback form Desc Simple xxe injection prob, Inject exploit ( XML ) Exploit <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE root [ <!ENTIT...

Refer Portswigger Document JWT vulnerability🩸 Info This Problem is JWT confusion. RS256 uses an asymmetric key, a private key for generation, and a public key for verification. HS256 uses publi...

Information Target: MongoDB Vulnerability: Race Condition Desc MongoDB Race Condition Attack with db lock. Example Code // admin.controller.ts @Post('list') async getFlagList(@Body() listDto: Lis...

Information Team name: YouAreMyUniverse Rank: 3rd place Write up web/atten-dance Desc Get first flag with race condition attack, Get second flag with sql injection ( Json injection ) Exploit impo...