https://www.root-me.org/IMG/logo/siteon0.svg

Code Snippet Serie - 02 - Memory Exhaustion via Unchecked Input Length

Challenge Description This challenge, authored by @Ethnical and @fadam, involves exploiting a vulnerability in a blockchain network server that processes incoming network messages. The vulnerability allows an attacker to cause a Denial of Service (DoS) by exhausting the server’s memory. Vulnerability Overview 🛑 Vulnerability: The vulnerability lies in the unchecked allocation of memory based on user-controlled input length, leading to potential memory exhaustion. Technical Analysis Vulnerability Details Unchecked Length Parameter:

Code Snippet Serie - 01 - SQL Like injection

Challenge Description This challenge, authored by @Elweth, involves exploiting a vulnerability in a SQL Query which lets you abuse the LIKE clause to first bypass authentication and then retrieve the entire API key. Vulnerability Overview 🛑 Vulnerability: The vulnerability lies in the SQL query, which remains vulnerable despite the use of the prepare statement system in Python. Conventional SQL injection exploitation methods won’t work here, because the query is correctly prepared with python.