https://hackerpoet.com/Recent content on T4rn's blogHugozh-cnTue, 14 Apr 2026 00:00:00 +0000https://hackerpoet.com/posts/dataease-2.1.12-bypass/Tue, 14 Apr 2026 00:00:00 +0000https://hackerpoet.com/posts/dataease-2.1.12-bypass/分析 Dataease 2.1.12 版本中 H2 类型未过滤导致的 JDBC RCE 绕过https://hackerpoet.com/posts/pyjail-challenge/Tue, 14 Apr 2026 00:00:00 +0000https://hackerpoet.com/posts/pyjail-challenge/Python2/3 沙盒逃逸分析，利用 Unicode NFKC 标准化绕过字母黑名单https://hackerpoet.com/posts/express-engine-trick/Tue, 14 Apr 2026 00:00:00 +0000https://hackerpoet.com/posts/express-engine-trick/分析 Express render 流程中引擎加载的一个有趣点，记录一种可用于 CTF 的利用思路https://hackerpoet.com/posts/geng-wang-ji/Thu, 26 Mar 2026 00:00:00 +0000https://hackerpoet.com/posts/geng-wang-ji/写给我爷https://hackerpoet.com/about/Mon, 01 Jan 0001 00:00:00 +0000https://hackerpoet.com/about/About T4rnhttps://hackerpoet.com/friends/Mon, 01 Jan 0001 00:00:00 +0000https://hackerpoet.com/friends/Friends Links