logo

DOJO CHALLENGE #9 Winners!

ID: 953de903-f512-56f6-8420-e0f04d295f91

STIX ID: report--953de903-f512-56f6-8420-e0f04d295f91

Feed Name: YesWeHack Blog | Cybersecurity Insights and Bug Bounty Trends| RSS Feed

Threat Score
55/100

Date Published: 2021-04-26

Date Updated: 2026-07-04

...
...

Remmer’s write-up describes a prototype-pollution based bypass of a server-side WAF that allows non-string objects to evade input checks, resulting in an SSRF that retrieves an internal secret (flag). The report provides PoC payloads, the final working JSON payload for the challenge, impact analysis and recommended fixes (use typeof checks, enforce integer ports, and build URLs via the URL API).

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.