whoami

Hi,I’m rickshang , The Chinese name is 无在无不在, which is a dialectical name but difficult to translate into English.

I like working on novel attack techniques and dream of becoming a security researcher

I want to share some of my experiences through my blog and communicate with the security community at home and abroad.

My CVE list:

• CVE-2022-46181 XSS vulnerability in the application image file upload in gotify/server
• CVE-2023-22463 JwtSigKey hardcoded causes the k8s cluster to take over in kubeoperator/kubepi

There are other general vulnerabilities that I can’t publicly disclose yet because they haven’t been fixed

My open source project:

• siusiu
• url-collector
• arp-spoofing
• php-lab
• xss-platform

Wechat subscription