https://n9o.xyz/tags/web-security/ Recent content in Web Security on Hugo -- gohugo.io en © 2026 Vaishnav Baraskar Tue, 23 Apr 2024 00:00:00 +0000 https://n9o.xyz/capturetheflag/ironctf/ Tue, 23 Apr 2024 00:00:00 +0000 https://n9o.xyz/capturetheflag/ironctf/ <h2 class="relative group">0x00 – Prologue <div id="0x00--prologue" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 ltr:-left-6 rtl:-right-6 not-prose group-hover:opacity-100"> <a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700 !no-underline" href="#0x00--prologue" aria-label="Anchor">#</a> </span> </h2> <p>I like JWT bugs. They&rsquo;re like puzzles where you know someone somewhere made a careless design call, and you just have to figure out where the glue fell apart. In this one, the challenge was called &ldquo;JWT Hunt&rdquo; and it lived up to the name. Turns out the devs had split the signing key into four parts and sprinkled them around the site like cryptographic breadcrumbs.</p> https://n9o.xyz/bugbounty/trello/ Wed, 15 Nov 2023 00:00:00 +0000 https://n9o.xyz/bugbounty/trello/ An exploration of a clickjacking vulnerability found in Trello&rsquo;s public boards, examining the technical details, potential impacts, and broader security lessons about proper header configurations. https://n9o.xyz/bugbounty/petcare/ Wed, 15 Feb 2023 00:00:00 +0000 https://n9o.xyz/bugbounty/petcare/ A simple POST request without CSRF protection allowed me to trick a PetCare admin into granting me admin privileges. This writeup dives into the exploitation steps, mental process, root cause, and patching of a high-risk vulnerability in their internal panel.