-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathindex.html
98 lines (88 loc) · 4.11 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
<!DOCTYPE html>
<html lang="en" prefix="og: http://ogp.me/ns#">
<head>
<link href="http://gmpg.org/xfn/11" rel="profile">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<!-- Metadata -->
<meta name="description" content="cfreal Charles Fol blog" />
<meta property="og:description" content="cfreal Charles Fol blog" />
<meta property="og:title" content="cfreal's blog" />
<meta property="og:type" content="website" />
<meta property="og:url" content="" />
<meta property="og:image" content="/images/profile.jpg" />
<!-- Enable responsiveness on mobile devices-->
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1">
<title>cfreal's blog</title>
<!-- CSS -->
<link href="//fonts.googleapis.com/" rel="dns-prefetch">
<link href="//fonts.googleapis.com/css?family=Droid+Serif:400,700,400italic|Abril+Fatface|PT+Sans:400,400italic,700&subset=latin,latin-ext" rel="stylesheet">
<link rel="stylesheet" href="/theme/css/poole.css" />
<link rel="stylesheet" href="/theme/css/hyde.css" />
<link rel="stylesheet" href="/theme/css/syntax.css" />
<link rel="stylesheet" href="/theme/css/style.css" />
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v6.7.1/css/all.css" crossorigin="anonymous">
<!-- Feeds -->
<link href="/feeds/all.atom.xml" type="application/atom+xml" rel="alternate" title="cfreal's blog Full Atom Feed" />
<!-- Analytics -->
</head>
<body class="theme-base-0d">
<div class="sidebar">
<div class="container sidebar-sticky">
<div class="sidebar-about">
<h1>
<a href="/">
<img class="profile-picture" src="/images/profile.jpg">
cfreal's blog
</a>
</h1>
<p class="lead"></p>
<p class="lead">Hacker.<br/>
Maintainer of <a href="https://github.com/ambionics/phpggc">PHPGGC</a>, <a href="https://github.com/cfreal/ten">ten</a>...<br/>
Previous <a href="/pages/research.html">research</a>.
</p>
<p></p>
</div>
<nav class="sidebar-social">
<a class="sidebar-social-item" href="https://twitter.com/cfreal_" target="_blank">
<i class="fab fa-twitter"></i>
</a>
<a class="sidebar-social-item" href="https://bsky.app/profile/cfreal.bsky.social" target="_blank">
<i class="fab fa-bluesky"></i>
</a>
<a class="sidebar-social-item" href="https://www.linkedin.com/in/charles-fol-85996b125" target="_blank">
<i class="fab fa-linkedin"></i>
</a>
<a class="sidebar-social-item" href="https://github.com/cfreal" target="_blank">
<i class="fab fa-github"></i>
</a>
</nav>
</div>
</div> <div class="content container">
<div class="posts">
<div class="post">
<h1 class="post-title" href="/google-ctf-2019-glotto-writeup.html">
<a href="/google-ctf-2019-glotto-writeup.html">Google CTF Quals 2019: GLotto Writeup</a>
</h1>
<span class="post-date">jeu. 27 juin 2019</span>
<p>
<h1>Introduction</h1>
<p>The Google CTF 2019 Quals happened this week-end and a friend told me about the GLotto web challenge, which seemed really fun. Can you imagine this ? A <em>fun</em> web challenge ! I had a go at it and here's my writeup. The idea is to push an ORDER BY SQL …</p>
</p>
<a class="read-more" href="google-ctf-2019-glotto-writeup.html">Continue reading »</a>
</div>
<div class="post">
<h1 class="post-title" href="/carpe-diem-cve-2019-0211-apache-local-root.html">
<a href="/carpe-diem-cve-2019-0211-apache-local-root.html">CARPE (DIEM): CVE-2019-0211 Apache Root Privilege Escalation</a>
</h1>
<span class="post-date">mer. 03 avril 2019</span>
<p>
<h1>Introduction</h1>
<p>From version 2.4.17 (Oct 9, 2015) to version 2.4.38 (Apr 1, 2019), Apache HTTP suffers from a local root privilege escalation vulnerability due to an out-of-bounds array access leading to an arbitrary function call. The vulnerability is triggered when Apache gracefully restarts (<code>apache2ctl graceful</code>). In …</p>
</p>
<a class="read-more" href="carpe-diem-cve-2019-0211-apache-local-root.html">Continue reading »</a>
</div>
</div>
</div>
</body>
</html>