↓ Skip to main content

Web

OpenECSC 2024 Final Round — Slurm

21 September 2024·322 words·2 mins

OpenECSC 2024 Web Mongodb Path-Traversal Hash-Oracle

Exploiting a race condition in database writes and a checksum oracle to brute-force a secret file character by character.

LA CTF 2024 — Jason Web Token

17 February 2024·275 words·2 mins

Augusto , Rickbonavigo

LA CTF 2024 Web Crypto Jwt Type-Juggling Python

Abusing Python’s floating point arithmetic to forge JWT-like tokens — when float(‘inf’) meets type juggling.