Pre-text If you’ve always thought hacking Android apps was just about bypassing root detection, SSL pinning, or proxying HTTP requests through Burp Suite to uncover backend bugs, it might be time to shift your mindset. While these are valuable steps...
Static Web - 300pts - 63 solves Full Source Given web application that serves static file by defining custom routes and using fs.readFile to read the content. if (req.url.startsWith('/static/')) { const urlPath = req.url.replace(/\.\.\//g, '') const filePath = path.join(__dirname, urlPath);...
The finding started when DOTA 2 is announcing the new feature for the battle pass owner that is being able to create a guild in the game the update was around October 2020. Guild Updates We reintroduced Guilds during the...
I was playing the Nahamcon 2021 Capture The Flag with my team AmpunBangJago we’re finished at 4th place from 6491 Teams around the world and that was an achievment for me. Well me and my team was able to solve...
Open Redirect Open Redirect adalah kerentanan dimana aplikasi menerima input dari pengguna yang akan digunakan untuk perpindahan halaman atau redirect pada aplikasi dan biasanya input tersebut tidak mempunyai filter atau dapat dibypass, input dari user yang akan di gunakan sebagai...