Orel

@orelg

My information security blog: www.thesecuritywind.com

Followers: 16
Following: 121
Posts: 10
Joined: 29.11.2024

Latest posts by Orel @orelg

1753CTF 2025 Writeups

This time I couldn't invest a lot of time, but I still solved some easy challenges. 1753CTF 2025 was different from those I participated in the past, in a way that the interaction with the platform (su...

My last writeups for three easy challenges from 1753CTF.
Simple broken access control, Unicode normalization and bcrypt input truncation.

www.thesecuritywind.com/post/1753ctf...

14.04.2025 22:02 👍 1 🔁 0 💬 0 📌 0

Sounds unfair to me, as it was exploitable. The only issue was in their web app. Correct me if I'm wrong

07.03.2025 21:23 👍 0 🔁 0 💬 1 📌 0

Nice flow! What was the reason they considered it as out of scope?

07.03.2025 10:15 👍 0 🔁 0 💬 1 📌 0

Which ones do you think might be suitable?

27.12.2024 16:48 👍 1 🔁 0 💬 1 📌 0

😆

21.12.2024 12:48 👍 0 🔁 0 💬 0 📌 0

I guess it's less tested than other types of vulnerabilities, so I'm just curious.

16.12.2024 18:31 👍 0 🔁 0 💬 0 📌 0

Very interesting. How common do you think prototype pollution is in JavaScript web applications?

16.12.2024 18:28 👍 1 🔁 0 💬 2 📌 0
Post image

A small code-golf web challenge (free research from you, for me): how short can you make a "fetch content and execute it inline"?

There is a CSP in a meta tag.
Goal: get the content from the file hack.js and have it inserted in the page, like in the image.

joaxcar.com/xss/self.html

12.12.2024 13:00 👍 36 🔁 7 💬 5 📌 3

The Silent Sea

11.12.2024 00:27 👍 0 🔁 0 💬 1 📌 0

Amazing, good luck!

07.12.2024 13:08 👍 0 🔁 0 💬 0 📌 0

World Wide CTF 2024 World Wide Email Search Writeup (Web)

I think this was the first time I was part of one of the first teams to solve a hard challenge in a big CTF. We were the third team to solve it (it ended with 7 solves out of ~580 teams). Sagiv and I worked together on this challenge and it was enriching and fun, especially because I tried a lot of different things along the way and learned new things. The solution to this challenge might seem a bit straightforward or easy but I think what made it a hard challenge were the subtle hints and limite

Here's a link to my latest blog post!
www.thesecuritywind.com/post/world-w...

02.12.2024 15:49 👍 0 🔁 0 💬 0 📌 0