Writeups
All the writeups we've published.
-
USCG Open Season 5: Deep-Fried-Inator - Path Traversal to RCE
Published: at 03:00 PM
Exploiting path traversal in file uploads to achieve arbitrary file write and remote code execution by overwriting system binaries.
-
USCG Open Season 5: Leetcoder - Python Sandbox Escape
Published: at 03:00 PM
Python sandbox escape through function reassignment to bypass whitelist restrictions and read the flag file.
-
USCG Open Season 5: Burger Converter - XSS + CORS Admin Takeover
Published: at 03:00 PM
Exploiting XSS and CORS misconfiguration to change admin password and gain unauthorized access through admin bot interaction.
-
USCG Open Season 5: Beg-o-Matic 3000 - Next.js CSRF with CSS Injection
Published: at 03:00 PM
Exploiting a Next.js application through CSS injection to extract Next-Action headers and bypass CSRF protection.