h4fan security

blog about security, tech

h4fan  •  2025
  • Learning XXE with gosecure

    Notes from working through Gosecure's XXE lab environment

    Posted on December 27, 2020

    LAB 1: Basic XXE. ./gradlew build did nothing; change the version in 21_rssviewer_xxe/gradle/wrapper/gradle-wrapper.properties to distributionUrl=https\://services.gradle.org/distributions/gradle-4.8.1-all.zip and rebuild. [Read More]
    Tags:
    • xxe
    • websec
  • Learning SSTI with gosecure

    Notes from working through Gosecure's SSTI lab environment

    Posted on December 25, 2020

    Environment: the gosecure SSTI tutorial is at template-injection-workshop [Read More]
    Tags:
    • ssti
    • websec
  • Intigriti XSS Challenge-2020 Writeup

    Posted on December 15, 2020

    Intigriti’s December XSS Challenge https://challenge-1220.intigriti.io/ [Read More]
    Tags:
    • xss
  • An unsuccessful expressjs SSTI story

    Posted on December 14, 2020

    Recon Response Header x-powered-by: express. An expressjs website. [Read More]
    Tags:
    • ssti
    • expressjs
  • alert 1337 - jquery prototype pollution

    Posted on November 5, 2020

    challenge here https://msrkp.github.io/ [Read More]
    Tags:
    • xss
    • prototype pollution
  • the 'bad' psk | 28 Aug 2024
  • the eks cluster games CTF writeup | 05 Aug 2024
  • DoH - dns over https | 02 Aug 2024
  • the big iam challenge CTF writeup | 30 Jul 2024
  • prompt airlines CTF writeup | 28 Jul 2024
  • k8s lan party ctf writeup | 23 Jul 2024
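  • Github Code Search does not support searching a specific branch | 01 Jun 2024
  • TopNews and NewsToday - view all the sites you follow on one page | 24 May 2024
  • AIChatProxy - talk to 3 AIs at once from one page | 23 May 2024
  • Save response body to file - a burp plugin | 07 Dec 2023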