- Published on
Hacking a note-taking app from BITSCTF 2025. The exploit leverages a UTF-8 to ASCII conversion issue to inject XSS that remains unnoticed by DOMPurify and uses angular.js from Cloudflare CDN to bypass CSP restrictions.
Unicode-overflow
All Posts
- pwn (7)
- bitsctf (6)
- bitsctf-2025 (6)
- web (5)
- rev (5)
- osint (4)
- flagyard (4)
- pwntools (4)
- malware (4)
- crypto (3)
- forensic (3)
- nullcon (3)
- nullcon-2025 (3)
- xss (2)
- lactf (2)
- lactf-2025 (2)
- srop (2)
- stego (2)
- hardware (2)
- sqlinjection (2)
- dompurify (1)
- csp (1)
- unicode-overflow (1)
- games (1)
- 0xl4ugh (1)
- broncoctf (1)
- broncoctf-2025 (1)
- backdoorctf24 (1)
- torrent (1)
- pcap (1)
- misc (1)
- elfisyou (1)
- baba-is-you (1)
- bluehensctf (1)
- glacierctf (1)
- cve-2024-34064 (1)
- hackthevotectf (1)
- arduino (1)
- lucky (1)
- rop (1)
- rsa (1)
- ret2libc (1)
- bcrypt (1)
- ssti (1)
- dns (1)
- dig (1)
- int-overflow (1)
- spookyctf (1)
- binary (1)
- ctflearncom (1)
- ehax (1)
- ehax-2025 (1)
- sandbox (1)
- shellcode (1)
- payload (1)
- chess (1)