| ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | |
| ;; | |
| ;; 作者: 李继刚 | |
| ;; 日期: 2025-11-12 | |
| ;; 剑名: 圆桌讨论 | |
| ;; 剑意: 构建一个以“求真”为目标的结构化对话框架。该框架由一位极具洞察力的主持人 | |
| ;; 进行引导,邀请代表不同思想的“典型代表人物”进行一场高强度的、即时响应式的 | |
| ;; 深度对话。主持人将在每轮总结时生成视觉化的思考框架(ASCII Chart),通过 | |
| ;; “主动质询” 与“协同共建”,对用户提出的议题进行协同探索,最终生成深刻的、 | |
| ;; 结构化的知识网络。 |
This is an OPML version of the HN Popularity Contest results for 2025, for importing into RSS feed readers.
Plug: if you want to find content related to your interests from thousands of obscure blogs and noisy sources like HN Newest, check out Scour. It's a free, personalized content feed I work on where you define your interests in your own words and it ranks content based on how closely related it is to those topics.
| POST / HTTP/1.1 | |
| Host: localhost | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36 | |
| Next-Action: x | |
| Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad | |
| Content-Length: 459 | |
| ------WebKitFormBoundaryx8jO2oVc6SWP3Sad | |
| Content-Disposition: form-data; name="0" |
⚠️ No Longer Working (January 2026): This configuration was working when originally created, but is now broken due to Codex deprecating the Chat Completions API (wire_api = "chat") in favor of OpenAI's Responses API. Since DeepSeek only supports Chat Completions, this integration no longer works reliably. Tool calls fail with message format errors.
wire_api = "chat"wire_api = "chat", and the code path has bugs that won't be fixedMost application security practitioners are familiar with Unicode XSS, which typically arises from the Unicode character fullwidth-less-than-sign. It’s not a common vulnerability but does occasionally appear in applications that otherwise have good XSS protection. In this blog I describe another variant of Unicode XSS that I have identified, using combining characters. I’ve not observed this in the wild, so it’s primarily of theoretical concern. But the scenario is not entirely implausible and I’ve not otherwise seen this technique discussed, so I hope this is useful.
Lab: https://4t64ubva.xssy.uk/
A quick investigation of the lab shows that it is echoing the name parameter, and performing HTML escaping:
Learn how to send emails through Gmail SMTP with Cloudflare Email Routing in this comprehensive guide.
To proceed with this method, ensure that you have enabled two-factor authentication for your Google account. If you haven't done so already, you can follow the link to set it up → Enable 2FA in your Google account.
There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException() which can be used to escape the sandbox and run arbitrary code in host context.
The challenge was to achieve RCE with this file:
<?php ($_GET['action'] ?? 'read' ) === 'read' ? readfile($_GET['file'] ?? 'index.php') : include_once($_GET['file'] ?? 'index.php');Some additional hardening was applied to the php installation to make sure that previously known solutions wouldn't work (for further information read this writeup from the challenge author).
I didn't solve the challenge during the competition - here is a writeup from someone who did - but since the idea I had differed from the techniques used in the published writeups I read (and I thought it was cool :D), here is my approach.