bi0s

Pwnypass - uiuctf 2024

h3ri0s
2024-07-08
Web

tl;dr

  • Chrome extension debugging and exploitation
  • Leaking the flag byte by byte using CSS injection
Web uiuctf CSS Injection

Image Gallery - bi0sCTF 2024

ma1f0y
2024-03-06
Web

tl;dr

Image gallery 1

  • Get XSS by uploading index.html in the public dir
  • Use bfcache to get the flag.

Image gallery 2

  • Slice files.js using nginx partial caching.
  • Use Subresource Integrity to load the right script
  • Use DOM clobbering and Cache probing to leak the flag uuid
bi0sCTF2024

കുട്ടി Notes - bi0sCTF 2024

Lu513n
2024-02-29
Web

tl;dr

  • DOM Clobbering to Redirect to another page
  • Increasing content using SQL injection by giving the same column multiple times
  • Connection-Pool XS-Leaks to measure the time for the page to load
  • Leak the flag character by character using the above techniques
bi0sCTF DOM Clobbering XS-Leaks

Variety Notes - bi0sCTF 2024

Luc1f3r, Lu513n
2024-02-26
Web

tl;dr

  • Capturing the flag id through a ReDoS attack on the /search endpoint
  • XSS in /uuid/noteid/raw and HTML injection in /uuid/noteid
  • CSP frame-src bypass through server side redirect
bi0sCTF ReDos CSP bypass

Phantomfeed - HTB University CTF 2023

Winters
2023-12-16
Web

tl;dr

  • Leak JWT token through Race Condition.
  • Leak authorization token via an open redirect.
  • Chaining XSS & CSRF in the OAuth pipeline to leak the Admin’s OAuth access token.
  • RCE via CVE-2023-33733.
Race Condition HTBUniversityCTF Oauth RCE Web

Nexus Void - HTB University CTF 2023

Luc1f3r
2023-12-15
Web

tl;dr

  • Misconfiguration in JWT token validation
  • SQL Injection through JWT token
  • Insecure Deserialization in .NET leading to RCE using custom class StatusCheckHelper
Writeup HTBUniversityCTF2023 .NET Deserialization SQL Injection JWT

Walk Off The Earth - TPCTF 2023

Luc1f3r
2023-11-30
Web

tl;dr

  • Mutation XSS using namespace confusion
  • Parsing inconsistency in JSDOM
Writeup TPCTF mXSS

awesomenotes-1 - Hacklu CTF 2023

L0xm1
2023-10-18
Web

tl;dr

  • XSS using hx- attribute to fetch the flag from /api/note/flag.
HackluCTF

päääd - Hack.lu CTF 2023

alfin
2023-10-16
Web

tl;dr

  • Meta redirect to the attacker's website, using the HTML injection in the paaad.
  • Leak the unique subdomain with a CSP violation.
  • Another meta redirect CSRF with the leaked subdomain to make the note public.
Hack.luCTF2023

Awesomenotes II - Hack.lu CTF 2023

Z_Pacifist
2023-10-16
Web

tl;dr

  • XSS + HTML sanitization library (ammonia) bypass
  • Namespace confusion in ammonia using custom allowed extra tags (math & style)
Writeup Web mXSS Hack.lu CTF 2023


Official blog of team bi0s


Blog content follows the Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License
