tl;dr
- Leak CSRF token bypassing document.domain
- Visiting /profile/ will not change the nonce
- Leak nonce using dangling markup in Firefox
- Add XSS payload using the CSRF token to get the flag
tl;dr
LOAD and S_TYPE opcodes lead to OOB when addr > DRAM_BASE+DRAM_SIZE