Critical Broken Access Control Allows Student Users to Modify Other Classrooms
Security report for PixelPath LMS API: authenticated Student users can enumerate, access, and modify classrooms outside their enrollment.
Security report for PixelPath LMS API: authenticated Student users can enumerate, access, and modify classrooms outside their enrollment.
Two challenges, two chains: bypass a Python proxy via duplicate Content-Type headers to trigger an unauthenticated React Server Components prototype-pollution RCE, then exploit an unbounded std::vector swap to build arbitrary read/write primitives and ROP your way to root.
Full CTF Writeup (Web: CorpMail, The Soldier of God Rick | Misc: JinJail | Forensics: Log, Tattletale | Reverse: Bunaken | Blockchain: tge, Convergence, Nexus)
Stored XSS and Critical Information Disclosure via Laravel Debug Mode
Static 64-bit binary abusing a hidden ROP chain in the .data section, stack pivot via lea rsp, chained gadgets for flag validation, and full reverse engineering of a static ELF.