Latest Posts

Abusing file inclusions using Windows 8.3 filename legacy shortcodes - MMACTF Rotten Uploader web 150 writeup

Sep 6, 2016 • ctf

Using the legacy windows 8.3 filename short code, we bypass the filter to download files. (MMACTF 2016 web 150 writeup)

MongoDB - Extracting data (admin password) using NoSQL Injection - MMACTF 2016 Web 100 writeup

Sep 5, 2016 • ctf

Using NoSQL injections to extract admin password from the database (MMACTF 2016 web 100 writeup)

Command Injection via Bruteforce ZipCracker - MMACTF 2016 Web 200 writeup

Sep 5, 2016 • ctf

Command injection via the dictionary file used for bruteforce. (MMACTF 2016 web 100 writeup)

Remote Code Execution via Python __import__() - MMACTF 2016 Tsurai Web 300 writeup

Sep 5, 2016 • ctf

Manipulating Python's __import__() statement to import attacker controlled modules (MMACTF 2016 web 100 writeup)

Prompt.ml - XSS Challenges writeup

Jun 18, 2016 • webchallenges, xss

If you haven't seen this already, this is a series of XSS challenges by Filedescriptor. The challenges were really good and if you haven't attempted to solve it, you should definitely try yourself before reading the writeups here.

escape.alf.nu - XSS Challenges writeup

Jun 17, 2016 • webchallenges, xss

If you haven't seen this already, this is a series of XSS challenges by Erling Ellingsen. The challenges were really good and if you haven't attempted to solve it, you should definitely try yourself before reading the writeups here.

PHP object Injection via Cookie unserialize() - Nuit du hack CTF Web 100 writeup

Apr 3, 2016 • ctf

Reading local files with PHP object Injection via Cookie unserialize() (Nuit du Hack 2016 web 10 writeup)

Markdown based Stored XSS in Zendesk !

Feb 15, 2016 • bugbounty

How markdown can help in triggering XSS ?

Previous Page: 2 of 10 Next

Tweets by 0daylabs

Newsletter signup

Latest Posts