Category: javascript
-
CRAC CTF Writeup – NextJS Middleware Bypass
In this article, I will walk you through a CTF that simulates the NextJS middleware bypass vulnerability described in CVE-2025-29927. I will also discuss a simple Python POC that Google Gemini wrote for me. This helped me understand the vulnerability and find the flag.
CTF Description: https://defhawk.com/battleground/raid/appliedoffsecandwebsecurity/fakeestate
The CTF link provides the following description: “You…
-
Vulnerable JavaScript resources
A few resources to learn about JavaScript from a hacker’s perspective