Published onFebruary 13, 2025BITSCTF 2025 - WEB: Get into my cute small plannerwebWebwebBITSCTFBITSCTF-2025xssdompurifycspunicode-overflowNamervrHacking a note-taking app from BITSCTF 2025. The exploit leverages a UTF-8 to ASCII conversion issue to inject XSS that remains unnoticed by DOMPurify and uses angular.js from Cloudflare CDN to bypass CSP restrictions.
Published onNovember 23, 2024GlacierCTF - SkiDatawebWebwebxssglacierctfcve-2024-34064NamervrThe challenge involved crafting an XSS payload to extract a flag from an HTML tag, leveraging a vulnerability in the processing of uploaded .xlsx files and exploiting xmlattr vulnerability in Jinja2.
