Solving SaaS from ImaginaryCTF 2021

Posted on Tue 27 July 2021 in CTF by 0xm4v3rick • Tagged with webappsec, writeup, linux, bypass

CTF challenge based on the sed Linux utility.



Solving Apollo 1337 from San Diego CTF 2021

Posted on Mon 10 May 2021 in CTF by 0xm4v3rick • Tagged with webappsec, enumeration, writeup, API

CTF challenge based entirely on enumeration and troubleshooting.



Solving dorsia2 from WPICTF CTF 2020

Posted on Mon 20 April 2020 in CTF by 0xm4v3rick • Tagged with webappsec, file read, writeup, lfi

Local File Inclusion (LFI) in the C code supplementing the web server.



Solving autograder from WPICTF CTF 2020

Posted on Mon 20 April 2020 in CTF by 0xm4v3rick • Tagged with webappsec, file read, writeup

Challenge involving an application that allows C code compilation, which could be exploited to read files.



Solving Screenshoter from FireShell CTF 2020

Posted on Mon 23 March 2020 in CTF by 0xm4v3rick • Tagged with webappsec, phantomjs, file read, writeup

Challenge based on CVE-2019-17221 - arbitrary file read in PhantomJS through 2.1.1.



Solving URL to PDF from FireShell CTF 2020

Posted on Mon 23 March 2020 in CTF by 0xm4v3rick • Tagged with webappsec, PDF generators, file read, writeup

Challenge based on the talk "Owning the clout through SSRF and PDF generators".



Solving Chatt with Bratt from UTCTF 2020

Posted on Mon 09 March 2020 in CTF by 0xm4v3rick • Tagged with webappsec, XSS, writeup

Challenge included a simple stored XSS to steal cookies in a chat application.



Solving Epic Admin PWN from UTCTF 2020

Posted on Mon 09 March 2020 in CTF by 0xm4v3rick • Tagged with webappsec, sql injection, writeup, sqlmap

SQL injection involving PostgreSQL. Blind SQLi with stacked queries.



Solving Spooky Store from UTCTF 2020

Posted on Mon 09 March 2020 in CTF by 0xm4v3rick • Tagged with webappsec, XXE, writeup

XXE challenge that involved using an already available XML tag.



Introduction to Burp Suite Plugin Stepper

Posted on Mon 17 February 2020 in Tutorials by 0xm4v3rick • Tagged with webappsec, burp suite, repeater, stepper, plugin

Short introduction to the Burp Suite plugin Stepper and how it can be used to speed up testing.

