Protected: HttpOnly vs SameSite vs Secure / CSP
There is no excerpt because this is a protected post.
Proudly powered by WordPress
Theme: razia by ashathemes.
Category: Blog
Your blog category
Protected: random
There is no excerpt because this is a protected post.
[dreamhack] captain-hook writeup
https://dreamhack.io/wargame/challenges/51 import frida import sys def on_message(message, data): print(message) # JavaScript code to be injected jscode = “”” var file = new File(“dump.txt”, “a”) //hook GdipSetSmoothingMode, add counter and print out counter each when it get called var counter = 0; const base = Module.findBaseAddress(‘CaptainHook.exe’) Interceptor.attach(Module.findExportByName(null, “GdipSetSmoothingMode”), { onEnter: function(args) { counter++; //console.log(“GdipSetSmoothingMode called: “.
[CVE-2023-5757] How I found Stored XSS from 100K+ downloaded plugin
Back in October 2023, I was working on finding vulnerabilities in WordPress plugins. Among one of them, I found a vulnerability from WP Crowdfunding which had a 100K + download. It was a Stored XSS vulnerability that occurs in WP Crowdfunding version <= 2.1.8. What is WP Crowdfunding? WP Crowdfunding is a plugin that enables.