Blog | Jorian Woltjer

Astro Full-Read SSRF via Host Header Injection

SvelteSpill: A Cache Deception Bug in SvelteKit + Vercel

hxpCTF 2025 - CatGPT

Intigriti December XSS Challenge (1225)

Intigriti December XSS Challenge (1225)

openECSC 2025 - kittychat-secure

Exploiting Web Worker XSS with Blobs

Intigriti August RCE Challenge (0825)

Intigriti July XSS Challenge (0725)

Nonce CSP bypass using Disk Cache

Intigriti June RCE Challenge (0625)

OBS WebSocket to RCE

The Ultimate Double-Clickjacking PoC

Intigriti May XSS Challenge (0525)

MCP: May Cause Pwnage - Backdoors in Disguise

Intigriti March XSS Challenge (0325)