CVE-2024-XXXX| zhero_web_security
I will share some of my findings here. Do not hesitate to contact me on X or by email if needed.
After a long break from challenges and CTFs, I felt it was time to start training again. The urge came earlier this month, following some introspection on how little I had been dedicating to such exercises, a realization that left me with a sense of... guilt? I then visited the Intigriti Discord server, hoping to find an ongoing challenge, but nothing was happening at that time. So I was eagerly awaiting this one. Let’s dive in.
Recently, I received a bounty for a vulnerability discovered on an e-commerce site allowing the personal information — including the delivery address — of a user to be changed. Let’s talk about it!
Let me explain how I overcame this XSS challenge set up by the bug bounty platform Intigriti. It may be a source of inspiration for some of you during your research.
Let’s take a closer look at how cache poisoning works and how I was able to exploit this vulnerability to get a DoS on the home page of a large company.
Today I decided to share with you my latest little discovery and to explain in a little more detail how prototype pollution works.
CVE-2025-29927