bi0s
  •  Home
  •  Categories
  •  Archives
  •  Tags
  •  Home
  •  Categories
  •  Archives
  •  Tags

Pwnypass - uiuctf 2024

h3ri0s
2024-07-08
Web

tl;dr

  • Chrome extension debugging and exploitation
  • Leaking flag byte by byte using css injection
Read More
Web uiuctf CSS Injection

Phantomfeed - HTB University CTF 2023

Winters
2023-12-16
Web

tl;dr

  • Leak JWT token through Race Condition.
  • Leak authorization token via an open redirect.
  • Chaining XSS & CSRF in the oauth pipeline to leak the Admin’s oauth access token.
  • RCE via CVE-2023-33733.
Read More
Race Condition HTBUniversityCTF Oauth RCE Web

Awesomenotes II - Hack.lu CTF 2023

Z_Pacifist
2023-10-16
Web

tl;dr

  • XSS + HTML sanitization library (ammonia) bypass
  • Namespace confusion in ammonia using custom allowed extra tags(math & style)
Read More
Writeup Web mXSS Hack.lu CTF 2023

Official blog of team bi0s

  Projects
  •   bi0s-wargame
    (Unraveling)
  •   bi0s-wiki
    (Free Encyclopedia)
  •   InCTF
    (Nationals CTF)
  •   InCTFj
    (Juniors CTF)

Made With Love and Coffee



Blog content follows the Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License

Use Material X as theme, total visits times.