Cybersecurity Log

CTF writeups, vulnerability mitigations, networking reviews, and a live terminal console.

Interactive Diagnostics Terminal

guest@kcv-security-ops:~
Welcome to KCV Security Console [Version 1.0.4]
Type "help" to list available operational commands.
guest@kcv-security-ops:~$

Security & CTF Logs

Writeups on vulnerability exploitation, secure coding, and linux server logs.

Overcoming CTF challenge: SQL Injection in Login Page

2026-07-02CTF Writeup
Diff: Easy

A guide on exploiting and securing a simple bypass-auth SQL injection vulnerability in a testing framework.

### Vulnerability Analysis The target application used a standard query builder that directly concatenated user inputs: ```sql SELECT * FROM users WHERE username = 'user_input' AND password = 'pass_input'; ``` ### Exploit Code By inputting `admin' --` in the username field, the query resolves to: ```sql SELECT * FROM users WHERE username = 'admin' --' AND password = '...'; ``` The SQL comment parser ignores the password check, allowing login bypass. ### Mitigation Always use parameterized inputs: ```typescript const query = 'SELECT * FROM users WHERE username = ? AND password = ?'; db.execute(query, [username, password]); ``` Or implement standard ORM tools like Prisma or Drizzle.

Securing Next.js APIs: Rate Limiting & JWT Practices

2026-07-08Notes
Diff: Medium

How to protect Next.js routes from brute-force attempts and securely store session payloads.

### API Protection Guide Next.js server actions and API routes can be easily overloaded. To prevent abuse: 1. **Implement Upstash or Redis rate-limiting** on public API routes. 2. **Never store JWTs in local storage**; use secure, HTTP-only, SameSite=Strict cookies to defend against Cross-Site Scripting (XSS). 3. **Validate inputs using Zod schemas** before handling data queries.