A collection of web challenges I made.
CTF | Name | Concept |
---|---|---|
Belluminar CTF | Color world | XXE, XSLT Injection to RCE |
Layer7 CTF | daniel's daily life | BBCode XSS |
Layer7 CTF | Can you bypass me? | Bypass regexp, Eval function |
Power Of XX CTF | Basic web | SQL Injection |
Power Of XX CTF | SQL game | SQL Injection |
- | Can you do it? | SQL Injection |
- | Dirt-Y | MISC, PHP game |
- | Is this possible? | SQL Injection |
- | Simple Login | SQL Injection |
CTF | Name | Concept |
---|---|---|
H3X0R CTF | SQL game revenge | SQL Injection |
H3X0R CTF | Goodaegi board | SQL Injection |
Sunrin Hacking Festival | Click the button | MISC, Coding |
Sunrin Hacking Festival | Pretty board | SQL Injection |
Sunrin Hacking Festival | Simple login | SQL Injection |
Sunrin Hacking Festival | Simple login revenge | LFI to RCE |
Layer7 CTF | Margaret | RCE via PHP Session |
Hackingcamp18 CTF | Pretty Shop | Indirect SQLite Injection |
- | Count | Race condition in php file function |
CTF | Name | Concept |
---|---|---|
Christmas CTF | Dynamic SQL | PHP, SQL Injection |
Belluminar CTF | - | - |
Sunrin Internet High School CTF | jjang9 | PHP, Bypass open_basedir, LFI to RCE |
Sunrin Internet High School CTF | My first app | Flask, Blind CSS Injection |
Sunrin Internet High School CTF | Last old school | PHP, Error based SQL Injection |
- | rename | PHP filesystem bug |
CTF | Name | Concept |
---|---|---|
LAYER7 CTF | handmade | Python, Path Traversal |
LAYER7 CTF | selfmade | Python, Logic Bug |
CTF | Name | Concept |
---|---|---|
Best of the Best CTF(Web) | - | DOM Clobbering, XSS |
Best of the Best CTF(Web) | - | Prototype Pollution, XSS |
Best of the Best CTF(Web) | - | Relative Path Overwrite, XSS |
SUNRIN CTF | BABY XSS | XSS |
SUNRIN CTF | HAPPY | XSS |
SUNRIN CTF | LOGIN MASTER | SQLite3, SQL Injection |
HSPACE CTF | maidcha | Python, Logic Bug |
HSPACE CTF | hspace proxy | Python, SSRF, SQL Injection |
HSPACE CTF | lucky7 | XSS |