Hey I’m Jesus

AppSec, bug bounty and hacking related stuff.

From Redirect to Merchant Administration Takeover at a Major Bank

Disclaimer This blog post is shared for educational and academic purposes only. All issues described here were responsibly reported to the affected company and have since been verified. The intention of this write-up is to raise awareness, improve security practices, and share lessons learned with the community. Since I was back in Korea and looking for my next role, I decided to spend this month fully focused on bug bounties again. It’s always a mix of frustration and small breakthroughs. One of the simple but surprisingly interesting bugs I uncovered was this cross-domain redirect flaw in a bank’s merchant administration flow. ...

February 22, 2026 · 5 min · 982 words · Jesus Lujan

Tickets and Popcorn please!, The Day main.js Became the Key Vault

Disclaimer This blog post is shared for educational and academic purposes only. All issues described here were responsibly reported to the affected company and have since been fixed and verified. Permission to publish was granted by the company. The intention of this write-up is to raise awareness, improve security practices, and share lessons learned with the community. Act I — The Setup It all started on a lazy evening in April. I wasn’t trying to hack anything major, just poking around a movie ticketing site of which I’m a client, with DevTools open. As I added a ticket to my cart, something odd caught my eye: a POST request carrying a mysterious parameter named encInfo. ...

August 25, 2025 · 7 min · 1431 words · Jesus Lujan

Cyber Apocalypse 2025 - 6x Web Challenges Writeup

I participated as a member of team CibersecUNI. This time I managed to solve all 6/6 challenges in the web category. Whispers of the Moonbeam: Looking at the functions, we get a hint that commands can be injected with ;. Using the gossip command I can list the files, which shows flag.txt, and with a simple ; I can chain the cat command to read the flag: gossip; cat flag.txt We get the flag. 🎉 HTB{Sh4d0w_3x3cut10n_1n_Th3_M00nb34m_T4v3rn_78cb9b70be3bf077e608865b967b5ab1} ...

March 25, 2025 · 6 min · 1230 words · Jesus Lujan
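The ; trick in the Whispers of the Moonbeam writeup above works because user input is pasted into a shell command line. The following is an added example, not the challenge's own code: it reproduces the vulnerable pattern on a throwaway directory (a constructed flag.txt, and a plain ls standing in for the gossip command) and places the fix beside it, an argument list with no shell, so the same payload is treated as a filename instead of a second command.

```python
"""Shell injection via ';' beside its fix, run on a throwaway directory.

Added illustration, not the challenge's code. The directory, the flag file
and the use of 'ls' in place of the tavern's 'gossip' are all constructed.
"""
import os
import shutil
import subprocess
import tempfile


def setup_dir() -> str:
    """Create a temp directory holding a constructed flag file."""
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "flag.txt"), "w") as f:
        f.write("FLAG{constructed_example}\n")
    return d


def gossip_vulnerable(cwd: str, target: str) -> str:
    """The pattern behind the challenge: user input interpolated into a
    shell string. ';' terminates 'ls' and starts whatever follows it."""
    proc = subprocess.run(f"ls {target}", shell=True, cwd=cwd,
                          capture_output=True, text=True)
    return proc.stdout


def gossip_fixed(cwd: str, target: str) -> str:
    """Fix: pass an argument vector and no shell. ';' is now just part of a
    (nonexistent) filename; '--' also stops it being parsed as an option."""
    proc = subprocess.run(["ls", "--", target], cwd=cwd,
                          capture_output=True, text=True)
    return proc.stdout


def demo() -> dict:
    """Run the same payload through both variants and return their stdout."""
    d = setup_dir()
    try:
        payload = "; cat flag.txt"   # the writeup's trick, minus the command name
        return {
            "vulnerable": gossip_vulnerable(d, payload),
            "fixed": gossip_fixed(d, payload),
        }
    finally:
        shutil.rmtree(d)


if __name__ == "__main__":
    for name, out in demo().items():
        print(f"--- {name} ---")
        print(out or "(no stdout: ls failed on the bogus filename)")
```

The vulnerable variant prints the directory listing followed by the flag contents; the fixed variant prints nothing, because ls reports that no file named "; cat flag.txt" exists. The real fix for an application like this is not to spawn a shell at all for a "list files" feature, but when a subprocess is unavoidable, an argument vector without shell=True is the minimum.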

Cyber Apocalypse 2024 - 4x Web Challenges Writeup

I participated as a member of team CibersecUNI. In the web category we solved 6/9 challenges as a team. In this writeup I will go through the ones that I solved: Testimonial, Labyrinth Linguist, TimeKORP, Locktalk. Testimonial: As the leader of the Revivalists you are determined to take down the KORP, you and the best of your faction’s hackers have set out to deface the official KORP website to send them a message that the revolution is closing in. ...

March 14, 2024 · 9 min · 1891 words · Jesus Lujan

Web Cache Poisoning Techniques

Web cache poisoning Web cache poisoning is not web cache deception, response splitting or request smuggling. Web cache deception tricks a cache into storing sensitive information so the attacker can retrieve it; web cache poisoning serves the attacker's payload to other users through cached responses. Cache keys: the subset of the request the cache compares to decide whether a stored response matches (often only host + path), so any request component outside the key is ignored when serving a cached copy. “Everything that is not part of the cache key is part of the cache poisoning attack surface” ...

February 10, 2024 · 11 min · 2195 words · Jesus Lujan
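The cache-key point in the Web Cache Poisoning entry above is easiest to see with a toy cache. The following is an added example, not code from that post: a constructed origin reflects the unkeyed X-Forwarded-Host header into a script URL, a minimal cache keys on host + path, and one attacker request is followed by an innocent victim request. The same demo is then rerun with each of the two fixes, an origin that ignores the header and a cache that includes it in the key. All hostnames and the response body are invented for the illustration.

```python
"""Toy reverse-proxy cache showing why unkeyed inputs are the poisoning surface.

Added illustration, not code from the original post. The origin application,
the cache and the X-Forwarded-Host reflection are all constructed here.
"""
from dataclasses import dataclass, field
from typing import Callable


@dataclass
class Request:
    host: str
    path: str
    headers: dict = field(default_factory=dict)


def reflecting_origin(req: Request) -> str:
    """Constructed vulnerable origin: trusts X-Forwarded-Host (which the
    cache does not key on) when building an absolute URL in the body."""
    base = req.headers.get("X-Forwarded-Host", req.host)
    return f'<script src="https://{base}/static/app.js"></script>'


def hardened_origin(req: Request) -> str:
    """Fix 1: never let a client-supplied header choose the host."""
    return f'<script src="https://{req.host}/static/app.js"></script>'


class Cache:
    """Minimal cache: one stored response per key, served to every later
    request that maps to the same key, whatever else that request carries."""

    def __init__(self, key_fn: Callable[[Request], tuple],
                 backend: Callable[[Request], str]) -> None:
        self.key_fn = key_fn
        self.backend = backend
        self.store: dict = {}
        self.hits = 0

    def get(self, req: Request) -> str:
        key = self.key_fn(req)
        if key in self.store:
            self.hits += 1
            return self.store[key]
        body = self.backend(req)
        self.store[key] = body
        return body


def key_host_path(req: Request) -> tuple:
    """Typical default key: only Host and path are compared."""
    return (req.host, req.path)


def key_host_path_xfh(req: Request) -> tuple:
    """Fix 2: make the reflected header part of the key, so the poisoned
    response is only ever served to requests carrying the same value."""
    return (req.host, req.path, req.headers.get("X-Forwarded-Host", ""))


def poison_demo(key_fn, backend) -> dict:
    """Attacker sends one crafted request, then a victim asks for the same
    host + path with no special headers. Returns what the victim received
    and whether it came out of the cache rather than from the origin."""
    cache = Cache(key_fn, backend)
    attacker = Request("bank.example", "/", {"X-Forwarded-Host": "evil.example"})
    cache.get(attacker)
    victim = Request("bank.example", "/")
    body = cache.get(victim)
    return {"victim_body": body, "served_from_cache": cache.hits == 1}


if __name__ == "__main__":
    scenarios = [
        ("default key, reflecting origin", key_host_path, reflecting_origin),
        ("default key, hardened origin", key_host_path, hardened_origin),
        ("header in key, reflecting origin", key_host_path_xfh, reflecting_origin),
    ]
    for name, kf, be in scenarios:
        print(name, "->", poison_demo(kf, be))
```

In the first scenario the victim is served the attacker's script URL straight from the cache. Keying on the header stops the cross-user delivery but leaves the reflection in place, so fixing the origin is the stronger change; in practice both are worth doing, since a cache that keys on more of the request also shrinks the surface for headers you have not yet noticed are reflected.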