Lorenzo Leonardini
@pianka.it
Computer scientist, cybersecurity guy, wannabe musician
You might know me as "pianka"

CTF player with @aboutblankets

🔗 https://sec.leonardini.dev
Currently playing around with Bun's URL parser, and I must say it's pretty fun. It's not vulnerable as it's never used raw, but expect a few GH issues and a blog post about it.

Spoiling the least interesting quirk to keep you on your toes :)

Hopefully I'm not ruining anybody's future challenge :')
January 2, 2025 at 3:34 PM
TIL that in Go this snippet produces `/foo/bar`, and... I feel like that's.. wrong..?

The HTTP server router does not handle this as `/foo/bar`, and parsing this with Node returns `/foo%2fbar` (which is what I expected)

Does anyone have any insight on this?
December 28, 2024 at 12:51 PM