Categoría: writeups

File path traversal, validation of start of path

File path traversal, traversal sequences stripped with superfluous URL-decode

File path traversal, traversal sequences stripped non-recursively

File path traversal, traversal sequences blocked with absolute path bypass

File path traversal, simple case

Basic SSRF against the local server

Accidental exposure of private GraphQL fields

Accessing private GraphQL posts

SQL injection vulnerability allowing login bypass

Exploiting cross-site scripting to steal cookies