Analysis of vulnerabilities from security audit || CTF (Capture the Flag)

Primary Language: Java

My days and not

CVE Analysis list

| Name | Field | Vulnerability | Proof of Concept (PoC) |
| --- | --- | --- | --- |
| CVE-2021-43849 | Mobile - Android | Denial of Service (DoS) | Link 2 PoC |
| CVE-2022-2071 | Web Application | CSRF + XSS | Link 2 PoC |
| CVE-2022-2072 | Web Application | XSS | Link 2 PoC |
| CVE-2022-3241 | Web Application | SQL Injection (SQLi) | Link 2 PoC |
| CVE-2022-3860 | Web Application | SQL Injection (SQLi) | Link 2 PoC |
| CVE-2023-4724 | Web Application | SQL Injection (SQLi) | Link 2 PoC |
| CVE-2023-5882 | Web Application | SQL Injection (SQLi) | Link 2 PoC |

CTF Writeups

| Name | Field | Vulnerability | Writeup | Platform |
| --- | --- | --- | --- | --- |
| ConfigEditor | Mobile - Android | Java Deserialization | Link 2 Writeup | MHL |
| Europa | Web Application | SQLi, preg_replace() | Link 2 Writeup | HTB |
| Bank | Web Application | File Upload | Link 2 Writeup | HTB |