Security Notes
A collection of vulnerability research, CTF solutions, and security engineering notes.
Web Security · OAuth 2.0 · Race Condition
Authentication Bypass via Race Condition in OAuth Flow
An in-depth analysis of a high-severity race condition in a financial application's OAuth 2.0 implementation, where concurrent requests during the authorization flow allowed authentication to be bypassed.
8 min read
Node.js · Prototype Pollution · RCE
From Idle to Pwn: Chaining Prototype Pollution to RCE
How a seemingly minor prototype pollution bug in a Node.js dashboard widget was chained into full remote code execution.
12 min read
IDOR · API Security · PII Leak
Massive Data Leak via IDOR in Support Ticket System
Uncovering an Insecure Direct Object Reference (IDOR) that exposed thousands of other users' private support tickets, including PII, by changing the ticket identifier in an API request.
6 min read