Orange Tsai

  • Home
  • Articles
  • Talks
  • About
  • 2025

  • 2025-01-10
    WorstFit: Unveiling Hidden Transformers in Windows ANSI!
  • 2024

  • 2024-08-09
    Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!
  • 2024-06-07
    CVE-2024-4577 - Yet Another PHP RCE: Make PHP-CGI Argument Injection Great Again!
  • 2023

  • 2023-08-12
    From 2013 to 2023: A Decade of Evolution and Trends in Web Security!
  • 2022

  • 2022-10-19
    A New Attack Surface on MS Exchange Part 4 - ProxyRelay!
  • 2022-08-18
    Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS!
  • 2021

  • 2021-08-18
    A New Attack Surface on MS Exchange Part 3 - ProxyShell!
  • 2021-08-07
    A New Attack Surface on MS Exchange Part 2 - ProxyOracle!
  • 2021-08-06
    A New Attack Surface on MS Exchange Part 1 - ProxyLogon!
  • 2021-02-24
    A Journey Combining Web Hacking and Binary Exploitation in Real World!
  • 2020

  • 2020-09-12
    How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM
  • 2019

  • 2019-11-11
    You Use It to Get Online, I Use It to Get into Your Intranet! Remote Code Execution Vulnerability in Chunghwa Telecom Modems
  • 2019-10-30
    An analysis and thought about recently PHP-FPM RCE (CVE-2019-11043)
  • 2019-09-02
    Attacking SSL VPN - Part 3: The Golden Pulse Secure SSL VPN RCE Chain, with Twitter as Case Study!
  • 2019-08-10
    Attacking SSL VPN - Part 2: Breaking the Fortigate SSL VPN
  • 2019-07-17
    Attacking SSL VPN - Part 1: PreAuth RCE on Palo Alto GlobalProtect, with Uber as Case Study!
  • 2019-03-12
    A Wormable XSS on HackMD!
  • 2019-02-19
    Hacking Jenkins Part 2 - Abusing Meta Programming for Unauthenticated RCE!
  • 2019-01-16
    Hacking Jenkins Part 1 - Play with Dynamic Routing
  • 2018

  • 2018-10-24
    HITCON CTF 2018 - One Line PHP Challenge
  • 2018-08-11
    How I Chained 4 Bugs (Features?) into RCE on Amazon Collaboration System
  • 2018-06-27
    Google CTF 2018 Quals Web Challenge - gCalc
  • 2018-03-26
    Pwn a CTF Platform with Java JRMP Gadget
  • 2018-01-21
    PHP CVE-2018-5711 - Hanging Websites by a Harmful GIF
  • 2017

  • 2017-07-28
    How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!
  • 2017-01-07
    GitHub Enterprise SQL Injection
  • 2016

  • 2016-12-07
    [Essay] The Ecological Food Chain of Java Web Vulnerabilities
  • 2016-10-13
    Collection of CTF Web Challenges I made
  • 2016-07-23
    HITCON 2016 Slides - The Ups and Downs of a Bug Bounty Hunter: The Vulnerabilities I Reported Over the Years
  • 2016-04-21
    How I Hacked Facebook, and Found Someone's Backdoor Script
  • 2016-04-07
    Uber Remote Code Execution - Uber.com Remote Code Execution via Flask Jinja2 Template Injection
  • 2016-01-14
    HITCON CTF 2015 Quals & Final: Notes Backup
  • 2015

  • 2015-09-29
    Google & Facebook Bug Bounty GET
  • 2015-09-10
    AIS3 Final CTF Web Writeup (Race Condition & one-byte off SQL Injection)
  • 2015-08-31
    Remote Code Execution through GDB Remote Debugging Protocol
  • 2015-08-28
    HITCON 2015 Community Talk Slides - Clever Tricks in Web Hacking
  • 2015-07-18
    2015 WooYun Summit Talk Slides: "Things About HITCON CTF: How Does a Web Dog Survive in the Treacherous CTF World?"
  • 2015-05-01
    Sharing a Trick - 0ctf Final 0cms
  • 2015-04-13
    Do Web Dogs Have No Human Rights TAT?
  • 2015-03-02
    Boston Key Party CTF 2015 [Harvard Square] [Andrew & Broadway] Write-ups
Copyright © 2009-2025 Orange Tsai