About:

Jackfromeast is a vulnerability researcher interested in software security and mitigation strategies.

Interests:

Vulnerabilities, Software systems, Vulnerability exploitation, Mitigation mechanisms

Outgoing Links:

Simon Willison
The text is a writeup of the Pwnme CTF 2025. It includes a vulnerability in the search input box, an XSS exploit, bypassing restrictions, and an alternative approach. It also discusses a flawed XSS sanitization, an exploit using a...
The text discusses a vulnerability in V8 version 11.9.99 that allows for an out-of-bound read/write of an array. It explains the process of achieving addrof and fakeobj, arbitrary address read and write primitives, and the limitat...
The text is a writeup of the UIUCTF 2024 challenge, Pwnypass, which introduces a password manager extension that listens for username and password form submissions on different web domains and saves their credentials to local stor...
The text provides an overview of Jazzer, a coverage-guided, in-process fuzzer for the JVM platform developed by Code Intelligence. It explains the features of libFuzzer, the components required to start fuzzing, and the restrictio...
The text is a writeup of solving a memory corruption vulnerability in a WebAssembly binary. It discusses the challenges, disassembly, and exploitation of the vulnerability, as well as the basics of WebAssembly and memory corruptio...
The blog post discusses the V8 exploit, revisiting oob-v8 *CTF2019. It explains the vulnerability, memory layout, type confusion, arbitrary read and write primitives, overwriting __free_hook to system, and creating RWX page with W...
The writeup covers an interesting mXSS challenge, named awesome-note-2, from hack.lu this year. The server application is written in Rust. The Rust HTML sanitizer is called ammonia. The sanitization rules applied on the b...
The text is a writeup of the SEETF 2023 event, discussing the challenges and solutions. It includes details about the challenges, vulnerabilities, and exploitation techniques used to solve them. The challenges include stack pivot ...
The text is a writeup of the JustCTF 2023 challenges, focusing on pwn challenges involving sqlite3 database exploitation, heap overflows, and UAF vulnerabilities. It also discusses subdomain hijacking, opcode validation bypass, an...
The text is a writeup of the p4CTF teaser 2023. It includes the author's participation in the p4 CTF, solving AI-related challenges, and a blind pwn challenge. The blind pwn challenge involves identifying a bug in the source code ...
The text is a writeup of the meloCon 2023 CTF, where the author attempted to solve two pwn challenges. The NoRegVM challenge had multiple vulnerabilities, but only the fmt vulnerability was exploitable. The author utilized the dou...
The text is a writeup of the SDCTF 2023 money-printer-2 challenge, which is a format string challenge. It explains the challenge, the objective, and the solution. It also includes a detailed exploit and a stack overflow vulnerabil...
The text is a writeup for the UMD CTF 2023 held by the University of Maryland. It includes a lot of interesting Pokemon-themed challenges. The challenges include Pwnsplash, You Want Me To Run What??, Secure Banking, WebTerps...
The text is a write-up for the dynamic-allocator-misuse (heap) module of pwn.college. It discusses various techniques such as UAF, heap overflow, tcache poisoning, double free, house of spirit, memory copy through tcache head, ...
The text discusses prompt injection, a recently trending attack on ChatGPT, Sydney (Bing), or other LLM services. It covers various types of attacks on AI models, including security of software and hardware, data integrity, model ...
The blog post discusses the author's experience of working with V8, including building V8 from the source, debugging V8, and understanding V8's compilation pipeline. It also provides links to resources for building and debugging V...
The text is about the WestLake CTF and the author's experience playing in it. It includes details about the code, symbolic execution, vulnerabilities, and the exploit script.
The text is a writeup for the RealWorld CTF 2023, covering the baby-level and normal-level challenges, including a socket.io-based chat room, a non-heavy FTP, and a paddle challenge. The writeup discusses the vulnerabilities found...
The text is a writeup of the idekCTF 2022, which includes a summary of the challenges and the approaches used to solve them. It covers the sprintf challenge, the simple file server challenge, and the Typop challenge. The writeup a...
The text explains the important concepts of the heap, using ptmalloc in glibc 2.31 as an example. It discusses the overall layout of the heap and chunks, data structures used for management, low-level behavior of...