[CTF NDH 2018 Quals] Write-Up – Web : PixEditor

Posted by: Yann C.  /   Category: / / / NDH2k18 /   /   No Comments
01
Apr
2018

Write-up of the challenge “Web – PixEditor” of Nuit du Hack 2018 CTF qualifications.

The weekend of 03/31/2018 is pre-qualification for the Nuit du Hack 2018 as a Jeopardy CTF. Having had the opportunity and the time to participate with some colleagues and friends, here’s a write-up resolution of the challenges which we.

Read more

[CTF NDH 2018 Quals] Write-Up – Web : Crawl me maybe!

Posted by: Yann C.  /   Category: / / / NDH2k18 / / Vulnerabilities, exploits and PoC   /   No Comments
01
Apr
2018

Write-up of the challenge “Web – Crawl me maybe!” of Nuit du Hack 2018 CTF qualifications.

The weekend of 03/31/2018 is pre-qualification for the Nuit du Hack 2018 as a Jeopardy CTF. Having had the opportunity and the time to participate with some colleagues and friends, here’s a write-up resolution of the challenges.

Read more

[CTF NDH 2018 Quals] Write-Up – Web : Linked Out

Posted by: Yann C.  /   Category: / / / NDH2k18 / / Vulnerabilities, exploits and PoC   /   No Comments
01
Apr
2018

Write-up of the challenge “Web – Linked Out” of Nuit du Hack 2018 CTF qualifications.

The weekend of 03/31/2018 is pre-qualification for the Nuit du Hack 2018 as a Jeopardy CTF. Having had the opportunity and the time to participate with some colleagues and friends, here’s a write-up resolution of the challenges which.

Read more
03
Apr
2017

A subdomain of Mozilla.org has several XSS vulnerabilities and an HTTP Response Splitting vulnerability.

This article illustrates the exploitation of an HRS (HTTP Response Splitting) in order to elevate it in a reflected XSS through a concrete example: Mozilla. When searching for vulnerable (sub)-domains as part of a Bug Bounty program, the subdomain dictionary attack.

Read more