/explore

Click through on any links that interest you or select the planets on the right to continue exploring the Outer Web.
You are here

pwning.net
| | wachter-space.de
5.0 parsecs away

Travel
| | This is a writeup of an easy/medium pwn challenge called "Profile" featuring a type confusion, some GOT overwriting, and a funny but unnecessary one gadget exploit for the fun of it. We are given the following files: main.c profile (binary) Dockerfile docker-compose.yml Let's look at main.c and see if we can spot a vulnerability from the provided source code. #include #include #include #include struct person_t { int id; int age; char *name; }; void get_value(const char *msg, void *pval) { printf("%s", ms...
| | www.da.vidbuchanan.co.uk
4.3 parsecs away

Travel
| |
| | blog.pspaul.de
6.0 parsecs away

Travel
| | Last year, @swapgs and I found a fun bug in the popular enterprise VPN solution Zscaler. The VPN client used the pacparser library to decide which HTTP requests to proxied based on a PAC file.
| | balintmagyar.com
40.3 parsecs away

Travel
| Fixed in version 16.2.0.0128 - $11,250 bug bounty