James Cao

DVWA File Upload Low/Medium/High Security

Leveraging file upload functionality to gain access to server.

Oct 16, 2025 • 3 min read

DVWA CSRF Low/Medium/High Security

CSRF attack change any accounts passwords.

Oct 16, 2025 • 3 min read

DVWA CSP Bypass Low/Medium/High Security

Bypass CSP policy and inject our desired Javascript code.

Oct 16, 2025 • 1 min read

DVWA Cryptography Low/Medium/High Security

Decode the encoded string to get the correct password.

Oct 16, 2025 • 2 min read

DVWA Command Injection Low/Medium/High Security

Get access to server resources through ping function.

Oct 16, 2025 • 2 min read

DVWA Brute Force Low/Medium/High Security

Brute-force and get the admin account credentials.

Oct 16, 2025 • 2 min read

DVWA Authorisation Bypass Low/Medium/High Security

Leveraging vulnerabilities to get access to user manager system.

Oct 16, 2025 • 2 min read

Exploting IMPOSSIBLE Security Level CSRF - DVWA

A step-by-step guide on how I exploit the IMPOSSIBLE security level of CSRF vulnerability in DVWA (Damn Vulnerable Web App).

Oct 11, 2025 • 3 min read

WannaGame Freshman CTF 2025 - Wave Second For Git Write-up

GitHub CLI so funny@@. Use it to solve this challenge hehe. The flag has 3 parts.

Oct 6, 2025 • 1 min read

WannaGame Freshman CTF 2025 - Open Read Flag Write-up

Follow the title to get the flag !!

Oct 6, 2025 • 2 min read

© 2025 James Cao. Some rights reserved.

Using the PaperMod theme for Hugo.