blog.harold.kim

whoami · RSS

• 2022-03-20   bughunting
  Finding bugs to trigger Unauthenticated Command Injection on a NETGEAR router
  
  
• 2022-02-08   bughunting
  Finding an unseen SQL Injection by bypassing escape functions in mysqljs/mysql
  
  
• 2021-11-22   ctf
  N1CTF 2021 Writeup
  
  
• 2021-03-21   ctf
  LINECTF 2021 Writeup
  
  
• 2020-11-08   bughunting
  git clone CRLF bug leading to SSRF in various products
  
  
• 2020-11-03   bughunting
  Writing details about vulnerabilities I found in Japanese CMS Products
  
  
• 2019-05-31   bughunting
  Multiple vulnerabilities in Ridibooks
  
  
• 2019-05-21   ctf
  Harekaze CTF 2019 Writeup
  
  
• 2019-01-17   bughunting
  GNUBoard5 RCE & MySQL Credential Leak
  
  
• 2018-11-29   ctf
  BCTF2018 babyweb Writeup - PostgreSQL and FastJSON RCE
  
  
• 2018-09-28   bughunting
  1000USD from KISA Bug Bounty
  
  
• 2018-09-16   ctf
  TrendMicro CTF 2018 Writeup
  
  
• 2018-09-03   ctf
  TokyoWesterns CTF 2018 Writeup
  
  
• 2018-04-28   writeup
  ASISCTF 2018 Gameshop Solution - Exploring PHP unserialize()
  
  
• 2018-04-28   writeup
  ASISCTF 2018 Moehost Solution - Escaping Docker in Docker
  
  
• 2018-03-26   ctf
  VolgaCTF 2018 Lazy Admin writeup
  
  
• 2018-03-23   development
  Notes on qemu-system
  
  
• 2018-03-04   notice
  Welcome