securitytaters

Solving SaaS from ImaginaryCTF 2021

Posted on Tue 27 July 2021 in CTF by 0xm4v3rick • Tagged with webappsec, writeup, linux, bypass

CTF challenge based on sed linux utility.

Posted on Mon 10 May 2021 in CTF by 0xm4v3rick • Tagged with webappsec, enumeration, writeup, API

CTF challenge all based on enumeration and troubleshooting.

Source code enumeration to capture the flag.

Posted on Wed 22 July 2020 in CTF by 0xshrimantyogi • Tagged with webappsec, Cookie Manipulation, writeup

Cookie manipulation attack to retrieve flag.

Posted on Wed 22 July 2020 in CTF by 0xshrimantyogi • Tagged with webappsec, PHP Type Juggling, writeup

Exploiting PHP Type Juggling issue by supplying magic hash via GET variable

Posted on Mon 20 April 2020 in CTF by 0xm4v3rick • Tagged with webappsec, file read, writeup, lfi

Local File Inclusion (LFI) in the code C code supplementing the web server.

Posted on Mon 20 April 2020 in CTF by 0xm4v3rick • Tagged with webappsec, file read, writeup

Challenge involving application allowing C code compilation which could be exploited to read files.

Posted on Mon 23 March 2020 in CTF by 0xm4v3rick • Tagged with webappsec, phantomjs, file read, writeup

Challenge based on CVE-2019-17221 - arbitrary file read in PhantomJS through 2.1.1.

Posted on Mon 23 March 2020 in CTF by 0xm4v3rick • Tagged with webappsec, PDF generators, file read, writeup

Challenge based on the talk Owning the clout through SSRF and PDF generators.

Posted on Mon 09 March 2020 in CTF by 0xm4v3rick • Tagged with webappsec, XSS, writeup

Challenge included simple Stored XSS to steal cookies in a chat application.