tl;dr

• /source to get the source
• Access local host from dev_test using SSRF
• SQLI to get the flag path a nd LFI to get the flag

tl;dr

• Arbitrary type confusion in DFG JIT
• Bug eliminates a single CheckStructure node

tl;dr

• Json_Interoperability - /verify_roles?role=supersuperuseruser\ud800","name":"admin
• Prototype_Pollution - {"constructor":{"prototype":{"test":"123"}}} in config-handler

tl;dr

• Leak admin’s hash using wildcard target origin in postMessage or by calculating sha256('').
• Create an XSS payload to read /api/flag and send it to attacker server.

tl;dr

• LFI(Local File Inclusion) Using Hackbar plugin.

tl;dr

• Steghide
• Restricted Shell

tl;dr

• Reading meta data using Exiftool.
• Using sqlmap to get Password hash.

tl;dr

• Local File Inclusion

tl;dr

• smb enumeration using smbclient.

tl;dr

• pWnOS:2.0 is a vulnerable VM , where our objective is to gain root access of the machine.
• blog 0.4.0 - Multiple Remote s exploit.
• upload reverse shell file to spawn a shell.