<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/">
  <channel>
    <title>blog on cors.ws</title>
    <link>https://cors.ws/blog/</link>
    <description>Recent content in blog on cors.ws</description>
    <generator>Hugo</generator>
    <language>en-us</language>
    <lastBuildDate>Wed, 14 May 2025 00:00:00 +0200</lastBuildDate>
    <atom:link href="https://cors.ws/blog/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>hqli-me (SekaiCTF 2025)</title>
      <link>https://cors.ws/blog/sekai-2025-hqli-me/</link>
      <pubDate>Wed, 14 May 2025 00:00:00 +0200</pubDate>
      <guid>https://cors.ws/blog/sekai-2025-hqli-me/</guid>
      <description>turning HQL injection into code execution</description>
    </item>
    <item>
      <title>vite (SekaiCTF 2025)</title>
      <link>https://cors.ws/blog/sekai-2025-vite/</link>
      <pubDate>Wed, 14 May 2025 00:00:00 +0200</pubDate>
      <guid>https://cors.ws/blog/sekai-2025-vite/</guid>
      <description>novel prototype pollution gadget in node.js 24 gives rce in vite preview server</description>
    </item>
    <item>
      <title>funny-lfr (SekaiCTF 2024)</title>
      <link>https://cors.ws/blog/sekai-2024-funny-lfr/</link>
      <pubDate>Tue, 27 Aug 2024 23:53:34 +0200</pubDate>
      <guid>https://cors.ws/blog/sekai-2024-funny-lfr/</guid>
      <description>race condition in starlette FileResponse allows reading procfs files</description>
    </item>
    <item>
      <title>calcql (SekaiCTF 2024)</title>
      <link>https://cors.ws/blog/sekai-2024-calcql/</link>
      <pubDate>Tue, 27 Aug 2024 00:53:34 +0200</pubDate>
      <guid>https://cors.ws/blog/sekai-2024-calcql/</guid>
      <description>how to use monotonic aggregates in CodeQL</description>
    </item>
    <item>
      <title>lookup (SekaiCTF 2024)</title>
      <link>https://cors.ws/blog/sekai-2024-lookup/</link>
      <pubDate>Tue, 27 Aug 2024 00:53:34 +0200</pubDate>
      <guid>https://cors.ws/blog/sekai-2024-lookup/</guid>
      <description>path confusion between com.sun.net.httpserver.HttpServer and nginx, exploit JNDI injection in high level jdk usign new commons-scxml gadget</description>
    </item>
    <item>
      <title>UIUCTF 2023 - adminplz</title>
      <link>https://cors.ws/blog/uiuctf-adminplz/</link>
      <pubDate>Thu, 27 Jul 2023 00:53:34 +0200</pubDate>
      <guid>https://cors.ws/blog/uiuctf-adminplz/</guid>
      <description>dangling markup injection via log poisoning to bypass strict CSP and leak a session token</description>
    </item>
    <item>
      <title>Rootme - Hardened Binary 4</title>
      <link>https://cors.ws/blog/rootme-hardened-binary-4/</link>
      <pubDate>Tue, 25 Jul 2023 00:53:34 +0200</pubDate>
      <guid>https://cors.ws/blog/rootme-hardened-binary-4/</guid>
      <description>exploiting a 32-bit ELF with full RELRO, stack canary, and NX via a format string vulnerability</description>
    </item>
    <item>
      <title>HTB - RegistryTwo</title>
      <link>https://cors.ws/blog/htb-registry-two/</link>
      <pubDate>Mon, 24 Jul 2023 00:53:34 +0200</pubDate>
      <guid>https://cors.ws/blog/htb-registry-two/</guid>
      <description>HTB machine involving Tomcat RCE, RMI path traversal, and a custom Java deserialization chain</description>
    </item>
  </channel>
</rss>
