CTF & Study notes

https://kinntaey.github.io/CTF & Study notesA minimal, responsive and feature-rich Jekyll theme for technical writing. 2026-04-11T20:01:03+10:00 Taehee Kim https://kinntaey.github.io/ Jekyll © 2026 Taehee Kim /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png [Dreamhack] simple_sql_chatgpt2026-04-11T14:00:00+10:00 2026-04-11T14:00:00+10:00 https://kinntaey.github.io/posts/DREAMHACK-SIMPLE_SQL_CHATGPT/ Taehee Kim

Challenge Overview Challenge: simple_sql_chatgpt Platform: Dreamhack Category: Web — SQL injection Vulnerable Query The application constructs an SQL query using unsanitised user input: res = query_db(f"select * from users where userlevel='{userlevel}'") Resulting SQL: SELECT * FROM users WHERE userlevel = '[input]' Because the userlevel parameter is directly embedded into the q...

[Dreamhack] XSS Filtering Bypass2026-04-08T14:00:00+10:00 2026-04-08T17:44:30+10:00 https://kinntaey.github.io/posts/DREAMHACK-XSS-FILTERING-BYPASS/ Taehee Kim

Challenge Overview Challenge: XSS Filtering Bypass Platform: Dreamhack Category: Web — Cross-Site Scripting Source Code Analysis First, analyse the contents of index.html. {% extends "base.html" %} {% block title %}Index{% endblock %} {% block head %} {{ super() }} <style type="text/css"> .important { color: #336699; } </style> {% endblock %} {% block content ...

[Dreamhack] image-storage2026-03-20T15:00:00+11:00 2026-03-21T10:33:29+11:00 https://kinntaey.github.io/posts/DREAMHACK-IMAGE-STORAGE/ Taehee Kim

Overview The application provides a file upload feature with no restriction on file type or extension. Since uploaded files are stored in a web-accessible directory, a PHP file can be uploaded and executed directly through the browser. Solution Step 1 — Identify the Vulnerability The upload endpoint accepts any file without validating the extension or MIME type. This means a .php script w...

[Study Note] File Upload Vulnerabilities2026-03-20T10:27:00+11:00 2026-03-20T10:27:00+11:00 https://kinntaey.github.io/posts/STUDY-NOTE-FILE-UPLOAD/ Taehee Kim

File Upload Vulnerabilities Purpose: File upload functionality is one of the most common features in web applications — and one of the most dangerous when implemented carelessly. This note covers how these vulnerabilities work, how attackers exploit them, and how to defend against them. 1. What Are File Upload Vulnerabilities? File upload vulnerabilities occur when a server accepts use...

[Study Note] Privacy-Preserving Record Linkage (PPRL) & ML Attacks2026-03-07T15:00:00+11:00 2026-03-21T09:50:28+11:00 https://kinntaey.github.io/posts/STUDY-NOTE-AI-SECURITY/ Taehee Kim

What is Privacy-Preserving Record Linkage? (PPRL) PPRL is a technique for matching records about the same individuals across different databases — without exposing their private data. How it works 1. Two separate databases exist A Hospital DB with patient info (name, age, pressure, etc.) A Bank DB with financial info (name, DOB, loan type, etc.) 2. Encode Instead of sharing raw pe...