- Published on
Hacking a note-taking app from BITSCTF 2025. The exploit leverages a UTF-8 to ASCII conversion issue to inject XSS that remains unnoticed by DOMPurify and uses angular.js from Cloudflare CDN to bypass CSP restrictions.
Xss
All Posts (57)
- pwn (13)
- rev (10)
- osint (8)
- web (8)
- bitsctf (6)
- bitsctf-2025 (6)
- forensic (5)
- crypto (5)
- swampctf (5)
- swampctf-2025 (5)
- misc (4)
- flagyard (4)
- pwntools (4)
- malware (4)
- 1753ctf (3)
- 1753ctf-2025 (3)
- stego (3)
- nullcon (3)
- nullcon-2025 (3)
- pwnme-2025 (2)
- pwnme (2)
- xss (2)
- ssti (2)
- pingctf (2)
- lactf (2)
- lactf-2025 (2)
- dawgctf (2)
- dawgctf-2025 (2)
- srop (2)
- greyctf-2025 (2)
- grey-cat-the-flag-2025 (2)
- hardware (2)
- nahamcon-ctf (2)
- nahamcon-ctf-2025 (2)
- sqlinjection (2)
- pearl (2)
- utctf-2025 (2)
- utctf (2)
- dompurify (1)
- csp (1)
- unicode-overflow (1)
- btsctf (1)
- btsctf-2025 (1)
- ldap (1)
- ldap-injection (1)
- command-injection (1)
- type-juggling (1)
- magic-hash (1)
- linux-privesc (1)
- games (1)
- 0xl4ugh (1)
- broncoctf (1)
- broncoctf-2025 (1)
- backdoorctf24 (1)
- torrent (1)
- pcap (1)
- elfisyou (1)
- baba-is-you (1)
- bluehensctf (1)
- glacierctf (1)
- cve-2024-34064 (1)
- hackthevotectf (1)
- arduino (1)
- lucky (1)
- rop (1)
- rsa (1)
- ret2libc (1)
- bcrypt (1)
- dns (1)
- dig (1)
- int-overflow (1)
- spookyctf (1)
- binary (1)
- ctflearncom (1)
- ping (1)
- ehax (1)
- ehax-2025 (1)
- sandbox (1)
- shellcode (1)
- payload (1)
- mobile (1)
- css (1)
- chess (1)
- umdctf (1)
- umdctf-2025 (1)
- Published on
The challenge involved crafting an XSS payload to extract a flag from an HTML tag, leveraging a vulnerability in the processing of uploaded .xlsx files and exploiting xmlattr vulnerability in Jinja2.