maciej@home:~/blog$

About security, penetration testing, python
  • Lovely nonces (ASIS CTF Quals 2021) the unintended way.

    The quasi-crypto part by Arusekk. The first thing I noticed in this task was unsafe random nonce generation. Unpredictable random values in Node.js should be generated using crypto.random*() and not Math.random(), which is designed to be fast, not safe. So while the others were working on an XSS payload that...

  • XSS introduction and multi-level challenge writeup.

    A few months ago I took part in a multi-level XSS challenge organized by @haxel0rd with @ObscurityApp and was later asked to explain my solution. The challenge was divided into 10 levels with increasing difficulty. Almost every level was about exploiting a different XSS context, which was great for the sake...

  • Introducing sqlmap into non-HTTP services.

    Recently, I was introduced to an interesting problem: how to automate the SQL injection exploitation of a non-HTTP service? A non-HTTP service, in this case, means that the communication between client and server isn’t HTTP based and might be text or binary. As sqlmap is designed to scan web applications, it uses...