About
Introduction
Fourth-year undergraduate student at Nanjing University of Posts and Telecommunications (NJUPT)
Focus on Web Application Security (mostly Java and Go), Cloud Native and LLMs
CTF player at X1cT34m and Nu1L Team
Contacts
Email: i@exp10it.io
GitHub: https://github.com/X1r0z
Twitter: https://x.com/X1r0z
My Presentations
- Hacking GraalVM Espresso: Abusing Continuation API to Make ROP-Like Attack, GEEKCON 2025
- Breaking Consensus: From Raft Leader Hijacking to Distributed System Takeover, co-authored with @yulate, 2025 Alibaba White Hat Conference
My CVE List
Just for fun
| CVE-ID | Vendor | Product | Type | CVSS |
|---|---|---|---|---|
| CVE-2023-21931 | Oracle | WebLogic Server | RCE | 7.5 |
| CVE-2023-22086 | Oracle | WebLogic Server | RCE | 7.5 |
| CVE-2023-51784 | Apache | InLong Manager | RCE | 9.8 |
| CVE-2023-51785 | Apache | InLong Manager | File Read | 7.5 |
| CVE-2024-36268 | Apache | InLong TubeMQ | RCE | 9.8 |
| CVE-2024-22399 | Apache | Seata | RCE | 9.8 |
| CVE-2024-56180 | Apache | EventMesh | RCE | 9.8 |