0prrr/gist:b8da25d17c3382bc140df1f3d02cefba

Last active September 9, 2025 10:22

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/0prrr/b8da25d17c3382bc140df1f3d02cefba.js"></script>
Save 0prrr/b8da25d17c3382bc140df1f3d02cefba to your computer and use it in GitHub Desktop.

Download ZIP

All-Web

Raw

gistfile1.md

Must Read

Orange Tsai
https://blog.orange.tw/
Assetnote Research Notes
https://www.assetnote.io/resources/research

PHP

Supported Protocols and Wrappers
https://www.php.net/manual/en/wrappers.php
How an obscure PHP footgun led to RCE in Craft CMS
https://www.assetnote.io/resources/research/how-an-obscure-php-footgun-led-to-rce-in-craft-cms
HITCON CTF 2018 - One Line PHP Challenge
https://blog.orange.tw/posts/2018-10-hitcon-ctf-2018-one-line-php-challenge/

SSRF

A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
https://www.youtube.com/watch?v=R9pJ2YCXoJQ

General

Abusing HTTP hop-by-hop request headers
https://nathandavison.com/blog/abusing-http-hop-by-hop-request-headers

Misc

Inline Style Exfiltration: leaking data with chained CSS conditionals
https://portswigger.net/research/inline-style-exfiltration

Resources

My-CTF-Web-Challenges
https://github.com/orangetw/My-CTF-Web-Challenges

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment