Published in Developer Community SASTRA | JavaScript Prototype pollution | Prototype pollution (not to be confused with Parameter pollution) is a little-known bug. Unlike SQL Injection or XSS, Prototype pollution is… | May 24, 2021
Published in Developer Community SASTRA | Pwning PHP: Type Juggling | In PHP “==” is used to compare values of two variables, but like PHP the “==” comparison is also weird. When comparing a string and an… | Apr 29, 2021
HeroCTF v3 Writeup: You Should Die | You should die is a web challenge with 60 points, | Apr 26, 2021
HTB Cyber Apocalypse CTF 2021: Wild Goose Hunt | Wild Goose Hunt is a web-based challenge with the difficulty of 2 stars, | Apr 24, 2021
HTB CyberApocalypse CTF: CAAS | CAAS is a web-based challenge with a difficulty of one star, | Apr 24, 2021
HTB Cyber Apocalypse CTF 2021: MiniSTRyplace | MiniSTRyplace is a web-based challenge with a difficulty of one star, | Apr 24, 2021
Published in Developer Community SASTRA | Pwning PHP: Remote Code Execution | RCE allows an attacker to execute code on the vulnerable machine, the severity of RCE is critical (well what do you need more than that?). | Apr 18, 2021
Published in Developer Community SASTRA | NAT Slipstreaming | I used to think if a device is not exposed to the public internet it is safe because bad actors cannot access them as it has NAT (Network… | Apr 7, 2021