h4fan security
  • Tags
  • Archive
  • Tools

Learning SSTI with gosecure

Gosecure的SSTI环境学习记录

December 25, 2020

环境地址 gosecure 的ssti教程地址template-injection-workshop [Read More]
Tags:
  • ssti
  • websec

Intigriti XSS Challenge-2020 Writeup

December 15, 2020

Intigriti’s December XSS Challenge https://challenge-1220.intigriti.io/ [Read More]
Tags:
  • xss

An unsuccessful expressjs SSTI story

December 14, 2020

Recon Response Header x-powered-by: express. An expressjs website. [Read More]
Tags:
  • ssti
  • expressjs

alert 1337 - jquery prototype pollution

November 5, 2020

challenge here https://msrkp.github.io/ [Read More]
Tags:
  • xss
  • prototype pollution

alert(23) to win - eval(location.pathname)

October 24, 2020

while surfing the internet for some sec news, a xss challenge came across. challenge address https://renwax23.github.io/X/chal/oct22/ [Read More]
Tags:
  • xss
  • ← Newer Posts
  • RSS
  • GitHub
  • Email me

h4fan  •  2026

Powered by Beautiful Jekyll