DOJO CHALLENGE #8 Winners!
ID: 6ee48fe9-5c66-5652-ba87-b4f7dd63a7bb
STIX ID: report--6ee48fe9-5c66-5652-ba87-b4f7dd63a7bb
Feed Name: YesWeHack Blog | Cybersecurity Insights and Bug Bounty Trends| RSS Feed
This write-up documents a Dojo CTF challenge where the author bypasses multiple URL-based security checks in a Deno application to perform an SSRF-like retrieval of a /secret endpoint. By exploiting inconsistencies between the Deno URL object's parsed pathname and the raw request string—using the host value '0', URL-encoded traversal (%2e%2e) and non-standard separators—the author obtains the secret flag and explains the step-by-step technique.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
