-
37C3 Potluck CTF 2023 - Santify
Santify This week, I participated in the 37C3 Potluck CTF and solved a few challenges, among which I particularly enjoyed the Santify challenge. Therefore, I decided to write a blog post about it. Challenge Description The challenge’s backend is written in PHP and includes the following functionalities: User Login/Registration. Create...
-
Unveiling the Stealth of DNS Rebinding - Bypassing SSRF Protection
Introduction: In the realm of web application security, Server-Side Request Forgery (SSRF) poses a significant threat. To counter this vulnerability, developers often implement safeguards to restrict requests to private IP addresses. However, cunning attackers have discovered an ingenious technique called DNS rebinding to bypass these protection mechanisms. In this blog,...
-
Unmasking the Razer Unquoted Search Path Vulnerability - A Hilarious Code Tango - $750 USD
Introduction: Greetings, my fellow code aficionados and bug bounty hunters! Prepare to embark on a side-splitting adventure into the realm of cybersecurity, where we shall unveil the uproarious Razer Unquoted Search Path Vulnerability. With a touch of mischievous code and a dash of deep knowledge, this journey promises laughter and...