rekter0

can we please get the libxml2 and ffmpeg people some cold cash, lambo's and decent quality blow as a token of appreciation for all the ASAN splats we throw over the fence and want to have fixed pronto? I know one man's trash (CVE's) is another man's treasure, but we gotta respect and support these hardworking devs a bit more. how else do you expect to play back (x-rated) flicks that come in esoteric video container formats or correctly render SVG's containing vector depictions of your favorite animals in safari?

@S1r1u5_ You guys should start using the same prettier conf

what does this man even cooking?

I discovered how to use CSS to steal attribute data without selectors and stylesheet imports! This means you can now exploit CSS injection via style attributes! Learn how below: portswigger.net/research/inlin…

🥈 Thrilled to nab 2nd as Blue Water, teamed up with @perfect_blue at DEFCON CTF Final 33! 🙌 Congrats to @mmm_ctf_team for their 4th straight 1st 💪 We’re gunning for the crown next year! Join our crew to make it happen! DM us or drop us an email! 🚀 #DEFCON #CTF

@blueminimal @sqrtrev Use sqlite atach database into css directory Or use sqli to update user_tables obj column to trigger elixir binary to term deserialise rce

@sqrtrev Oh nice! Can you upload the exploit somewhere? I am curious to see how you got direct leakage without doing it via the blind sqli :)

Making a payload for AXIS challenge was so painful because of the web socket stuff

I just learned that OSC8 (hyperlinks) in Windows Terminal uses ShellExecute(). Excellent trolling potential for README files 😆

Now you know why

🧵 [1/4] Here is our DOMPurify 3.2.1 bypass, using a namespace confusion technique where each element is initially in a “correct” namespace. When it was allowed, the ‘is’ attribute was not handled correctly, making the attribute content’s regex check obsolete. #mXSS #XSS

Jesse Pollak showing the ease of onboarding with Onflow.

Trade onchain with counterparties, not addresses, privately. Finally, a small demo of the Onflow protocol, fully computed proof in zero-knowledge with no internet required. Going live on Base soon, and many other ecosystems. 1-click ZK-KYC, everywhere, imminent✨

📝Another fantastic write-up about the Remedy Closed Beta Challenge. Dive into details r0.haxors.org/posts?id=43 Big kudos to @rekter0 for this comprehensive breakdown🙏 Curious about and want to give it a shot? Join us on Discord to explore and take part discord.gg/q5kZAH7kN5

A twitter content spoofing issue being exploited by same recent Ledger hackers? you can put any username and as long as the tweet id is valid it will be redirected to the correct account. the scam pages drain using same ledger hack contract bytecode 🤔

Thx for hosting such a great CTF. Great team work with @pb_ctf. Congraz to *0xA and MMM. See you guys in Final!

Blue Water places 2nd place in DEF CON CTF Finals! Blue Water is a merger of @pb_ctf + @Water_Paddler + Samsung Research + Tea Deliverers. Thank you to @Nautilus_CTF for the great CTF, and shoutout to all the other finalists! See you next year? 😉

Multiple vulns in vestacp including 2 privesc found with @0xkasper

@butt3rflyh4ck Check release files or you can try on v2 github.com/ImpressCMS/imp…

@rekter0 Hi guy, I want to reproduce this vuln and study but why I can not find processImage.php in impressCMS-1.4.1 or 1.4.2-rc2. tks.

impressCMS - unauthenticated code execution r0.haxors.org/posts?id=8

Exploiting NFS server via SSRF #HITCON CTF 2021 Metamon-Verse Writeup r0.haxors.org/posts?id=27

Moodle Blind SQL injection via MNet authentication r0.haxors.org/posts?id=26

Moodle Stored XSS and Blind SSRF i've found earlier this year with @holme_sec r0.haxors.org/posts?id=20