blog.harold.kim
whoami
·
RSS
2022-03-20
bughunting
Finding bugs to trigger Unauthenticated Command Injection on a NETGEAR router
2022-02-08
bughunting
Finding an unseen SQL Injection by bypassing escape functions in mysqljs/mysql
2021-11-22
ctf
N1CTF 2021 Writeup
2021-03-21
ctf
LINECTF 2021 Writeup
2020-11-08
bughunting
git clone CRLF bug leading to SSRF in various products
2020-11-03
bughunting
Writing details about vulnerabilities I found in Japanese CMS Products
2019-05-31
bughunting
Multiple vulnerabilities in Ridibooks
2019-05-21
ctf
Harekaze CTF 2019 Writeup
2019-01-17
bughunting
GNUBoard5 RCE & MySQL Credential Leak
2018-11-29
ctf
BCTF2018 babyweb Writeup - PostgreSQL and FastJSON RCE
2018-09-28
bughunting
1000USD from KISA Bug Bounty
2018-09-16
ctf
TrendMicro CTF 2018 Writeup
2018-09-03
ctf
TokyoWesterns CTF 2018 Writeup
2018-04-28
writeup
ASISCTF 2018 Gameshop Solution - Exploring PHP unserialize()
2018-04-28
writeup
ASISCTF 2018 Moehost Solution - Escaping Docker in Docker
2018-03-26
ctf
VolgaCTF 2018 Lazy Admin writeup
2018-03-23
development
Notes on qemu-system
2018-03-04
notice
Welcome