I consider myself, in my infinite laziness, to be primarily an information disclosure-oriented hunter. This is, of course, subject to change, but due to work commitments and whatnot, this is what I am at this moment in time. The most effective method of finding info disclosure bugs is arguably dorking.…
Trello is a nice website owned by Atlassian. It lets you create "boards" which contain "cards". Tasks can be moved between cards. It's a great system for keeping track of things. You can configure boards to be public or private. This is where the problems start. Jimmy is impatient. He…
This XSS was accidental. For whatever reason, I was messing about with the searchbar, putting various payloads into it without expecting to find anything. So eventually, I put in the following payload into the searchbar: "><img src=x> And of course, nothing happened. But something caught…
I've recently come across an interesting misconfiguration. This is regarding Apache Flink. What is Flink? Flink is a framework for processing data streams. It runs on port 8081 by default. What are data streams? Re the Flink documentation: Any kind of data is produced as a stream of events. Credit…
This is my account of my first CTF. It started at 10:30am or so. Having had no previous experience with CTFs, this CTF really hooked me into the world of competitive hacking. I'll only be talking about the problems I solved here. BSides DublinBSides DublinI ended up in 27th…