Actually, they probably just spent an incredible amount of time on them, the same as everything else in the picture. 😅

Did the artist stencil those kanji? I think that's the only way to get them that good.

I love the new logo animation. Makes the risk in Risky Biz all the more obvious.

I heard there is an upper limit on the path length. So if you do enough foo/../foo/.. and then stick /etc/passwd on the end it will leave off the .php if you get the length just right. Haven't tested it though.

The first link needs manual editing - the exclamation mark at the end should be included.

Found them!
- Mini 4WD Shining Scorpion Let's & Go!: mini-4wd.fandom.com/wiki/Mini_4W...!
- ASCII Grip Joypad: www.genkivideogames.com/ascii-grip-j...

If you share the CVE numbers or links I may take a look anyway for curiosity's sake.

Oh, you're trying to write PoCs for CVEs that have already been reported? Definitely a useful skill. I found SQLi on WordPress is a little tricky to exploit, as WordPress will strip out comments. I needed to step through with a debugger to really understand what was happening.

Want to pair up on them and split the bounty?