KaitoVu

In this CTF tournament, I successfully clear all web challenge with team Void_Walker This is my write up for chall THCity: Authentication Collapse (Part 1 and 2)OverviewThe challenge runs two Docker services behind a single Apache HTTP server on port 8888: flag_app (PHP + Apache): serves a public site and a Basic-Auth-protected /secret/ page whose PHP reads a flag from Redis. express_sso (Node.js/Express): an internal SSO service on port 3000, only reachable from flag_app. Apache’s a...

COMING SOON (waiting for CVE)

Overview of Prototype Pollution Prototype pollution vulnerabilities typically arise when user input is used to set properties ofexisting objects.This vuln is kind of long theory so I will not discuss in this blog. You can learn more about this vulnerable here But after complete that learning-path, I start do some CTF challenge and writeup it here. pr0t0typ3 p011ut10n OverviewThe Exploit chain for this challenge have two step: Bypass login as admin through a type-confusion / query-form...

This is my Writeup for Web challenge of UTECTF 2025 (my university annual CTF)website: https://ctf.hcmute.edu.vn/ Gimme Damoexploit chain: SSRF → PyYAML Deserialization → RCE1. TL;DR Web public có endpoint /proxy?url=...&data=... cho phép gửi đi POST request tùy ý → SSRF. Dịch vụ internal (chỉ truy cập được trong mạng docker) dùng yaml.load của PyYAML 5.3.1 nên bị CVE-2020-14343 → PyYAML Deserialization. 2. Analysis:a. app.py1234567891011121314151617181920212223242526272829303132333435...