parrot409 retweetledi
parrot409
352 posts

parrot409 retweetledi

Cross-Site ETag Length Leak
blog.arkark.dev/2025/12/26/eta…
I just posted the author writeup for impossible-leak in SECCON CTF 14 Quals. As far as I know, this is a new XS-Leak technique! The ETag header can become a side channel :)
English
parrot409 retweetledi
parrot409 retweetledi
parrot409 retweetledi

NEW: OAuth misconfigurations show how common dev settings can lead to account takeovers.
Our second deep dive breaks down real cases where overlooking differences between desktop and mobile environments left SDKs, exchanges, and wallets open to exploits.
osec.io/blog/2025-10-1…
English
parrot409 retweetledi

XSS-Leak: Leaking Cross-Origin Redirects, Subdomains and More! You can read the article here: blog.babelo.xyz/posts/cross-si…

English

parrot409 retweetledi

Here is video POCs
iOS steal iCloud data: youtube.com/shorts/y1WkAYs…
iOS Camera access: youtube.com/shorts/bwZg3VY…
Mac steal iCloud data: youtu.be/gbiPPkNFlQAMac
Mac Camera access: youtu.be/4KR258DwAMo

YouTube

YouTube

YouTube

YouTube
Italiano
parrot409 retweetledi

@albinowax @tincho_508 That's great news! It reminds me of a Gunicorn bug (now patched) I found, where HEAd was treated as HEAD. Since it returned a Content-Length without a body (as expected for HEAD), it caused confusion with proxies that didn’t expect a HEAD request!
English
parrot409 retweetledi

SQL Injection despite using prepared statements? 🧐
Turns out that SQL syntax can be ambiguous! Learn how this has led to vulnerabilities in several popular PostgreSQL client libraries:
sonarsource.com/blog/double-da…
#appsec #security #vulnerability
English

@parrot409 Yes.
I used credentialless at #L29" target="_blank" rel="nofollow noopener">github.com/arkark/my-ctf-…
English

Published the author's writeup.
Link: blog.arkark.dev/2025/05/30/alp…
Topics:
- DOM Clobbering with Prototype Pollution
- iframe's `credentialless` attribute trick
Ark@arkark_
XSS Challenge Time🚩 Do you like client-side challenges? If you find the solution, submit the flag! Challenge link: alpacahack.com/challenges/alp…
English
parrot409 retweetledi
parrot409 retweetledi

i stopped auditing /net/sched because kCTF players have used it to print 0days for years now and I figured “surely they’re running out of bugs there”; so based on similar past decisions/analysis of mine, you can guarantee another year or two of bugs from there
roddux@roddux
No shortage of kernel bugs... :) Kernel 6.6.87 got pwned by 6 unique 0days within 25 seconds of going live on kCTF, lol: docs.google.com/spreadsheets/d…
English

@parrot409 Nice bug, couldn't you use ftp:// or other remote schemes like smb:// dav:// nfs:// for bypassing the path in case of a different distro/setup. This works in Mac not sure about others bugcrowd.com/disclosures/f7…
English

CVE-2025-3155 writeup
It's about exfiltrating files using the GNOME Help application. It isn't severe as it requires some user interaction, but it's a fun bug.
gist.github.com/parrot409/e970…
English













