Balsn CTF 2022 - 2linenodejs
September 04, 2022Utilizing powerful prototype pollution gadgets to achieve remote code execution in a very small nodejs application
Utilizing powerful prototype pollution gadgets to achieve remote code execution in a very small nodejs application
Abusing log4j conversion patterns to leak an environment variable without the usage of JNDI
Another XS leak challenge, this time abusing a server side redirect to extract the flag
solutions for the web challenges I created for idekCTF 2021 (difference checker, fancy notes, generic pastebin challenge, steghide as a service, and jinjail)
a straightforward but interesting xs leak challenge from FwordCTF 2021