parrot409

Cross-Site ETag Length Leak blog.arkark.dev/2025/12/26/eta… I just posted the author writeup for impossible-leak in SECCON CTF 14 Quals. As far as I know, this is a new XS-Leak technique! The ETag header can become a side channel :)

Not only can you pollute `then`, but you can also pollute `return`! Both behaviors are specified in the ECMAScript spec.

You can sell the Whatsapp 0-click RCE for $5m but then how do you buy back your integrity and morals when it's used against a dissident (for example)? I can kind of see the $1m argument here.

NEW: OAuth misconfigurations show how common dev settings can lead to account takeovers. Our second deep dive breaks down real cases where overlooking differences between desktop and mobile environments left SDKs, exchanges, and wallets open to exploits. osec.io/blog/2025-10-1…

@strellic Happy birthdayy!

🍰 :))

XSS-Leak: Leaking Cross-Origin Redirects, Subdomains and More! You can read the article here: blog.babelo.xyz/posts/cross-si…

@es3n1n whoa he's great. His Tori no Uta cover is amazing youtu.be/1sysZFAdUe8?si…

Here is video POCs iOS steal iCloud data: youtube.com/shorts/y1WkAYs… iOS Camera access: youtube.com/shorts/bwZg3VY… Mac steal iCloud data: youtu.be/gbiPPkNFlQAMac Mac Camera access: youtu.be/4KR258DwAMo

@albinowax @tincho_508 That's great news! It reminds me of a Gunicorn bug (now patched) I found, where HEAd was treated as HEAD. Since it returned a Content-Length without a body (as expected for HEAD), it caused confusion with proxies that didn’t expect a HEAD request!

@n0tduck1e gmsgadget.com

@parrot409 what website?

I challenged myself to remember a library that isnt listed in this website but I failed.

My ctf memory is getting weak?

SQL Injection despite using prepared statements? 🧐 Turns out that SQL syntax can be ambiguous! Learn how this has led to vulnerabilities in several popular PostgreSQL client libraries: sonarsource.com/blog/double-da… #appsec #security #vulnerability

@arkark_ oh I meant Icesfont, the challenge solver.

@parrot409 Yes. I used credentialless at #L29" target="_blank" rel="nofollow noopener">github.com/arkark/my-ctf-…

Published the author's writeup. Link: blog.arkark.dev/2025/05/30/alp… Topics: - DOM Clobbering with Prototype Pollution - iframe's `credentialless` attribute trick

And the video!! youtu.be/sUFDKTaCQEk?si…

i stopped auditing /net/sched because kCTF players have used it to print 0days for years now and I figured “surely they’re running out of bugs there”; so based on similar past decisions/analysis of mine, you can guarantee another year or two of bugs from there

@RenwaX23 > if you load an ftp:// URI it will open Finder app and connects you to the server then automatically mount all the files into /Volumes/ That's so smart wow. Linux/Ubuntu doesn't support it but It gave me some ideas.

@parrot409 Nice bug, couldn't you use ftp:// or other remote schemes like smb:// dav:// nfs:// for bypassing the path in case of a different distro/setup. This works in Mac not sure about others bugcrowd.com/disclosures/f7…

CVE-2025-3155 writeup It's about exfiltrating files using the GNOME Help application. It isn't severe as it requires some user interaction, but it's a fun bug. gist.github.com/parrot409/e970…