Google XSS Game Exploit & Patch
Hi, here are six easy but interesting XSS games hosted by Google. This blog records the writeup, how to patch these vulnerabilities, and CSP-based protection strategies. More importantly, I summarized the browser parsing process in terms of when each kind of decoding occurs.
A JS Beginner-Friendly Introduction to Prototype Pollution
This blog aims to summarize everything about the JavaScript-specific vulnerability known as prototype pollution: the necessary JavaScript background, what the prototype and the prototype chain are, how to exploit the prototype pollution vulnerability, and several related CTF challenges that may help in understanding all of it.
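Natas, an Introductory Web Security Wargame: Detailed Walkthrough (Part 2)
Summary: This post is the second half of a record of completing OverTheWire: Natas, an introductory server-side web security wargame, and mainly covers levels 18-34.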
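Natas, an Introductory Web Security Wargame: Detailed Walkthrough (Part 1)
Summary: This post is the first half of a record of completing OverTheWire: Natas, an introductory server-side web security wargame, and mainly covers levels 1-17.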