My CTF Challenges (99.98% Web Challenge)

A collection of web challenges I made.

2017

CTF	Name	Concept
Belluminar CTF	Color world	XXE, XSLT Injection to RCE
Layer7 CTF	daniel's daily life	BBCode XSS
Layer7 CTF	Can you bypass me?	Bypass regexp, Eval function
Power Of XX CTF	Basic web	SQL Injection
Power Of XX CTF	SQL game	SQL Injection
-	Can you do it?	SQL Injection
-	Dirt-Y	MISC, PHP game
-	Is this possible?	SQL Injection
-	Simple Login	SQL Injection

2018

CTF	Name	Concept
H3X0R CTF	SQL game revenge	SQL Injection
H3X0R CTF	Goodaegi board	SQL Injection
Sunrin Hacking Festival	Click the button	MISC, Coding
Sunrin Hacking Festival	Pretty board	SQL Injection
Sunrin Hacking Festival	Simple login	SQL Injection
Sunrin Hacking Festival	Simple login revenge	LFI to RCE
Layer7 CTF	Margaret	RCE via PHP Session
Hackingcamp18 CTF	Pretty Shop	Indirect SQLite Injection
-	Count	Race condition in php file function

2019

CTF	Name	Concept
Christmas CTF	Dynamic SQL	PHP, SQL Injection
Belluminar CTF	-	-
Sunrin Internet High School CTF	jjang9	PHP, Bypass open_basedir, LFI to RCE
Sunrin Internet High School CTF	My first app	Flask, Blind CSS Injection
Sunrin Internet High School CTF	Last old school	PHP, Error based SQL Injection
-	rename	PHP filesystem bug

2021

CTF	Name	Concept
LAYER7 CTF	handmade	Python, Path Traversal
LAYER7 CTF	selfmade	Python, Logic Bug

2022

CTF	Name	Concept
Best of the Best CTF(Web)	-	DOM Clobbering, XSS
Best of the Best CTF(Web)	-	Prototype Pollution, XSS
Best of the Best CTF(Web)	-	Relative Path Overwrite, XSS
SUNRIN CTF	BABY XSS	XSS
SUNRIN CTF	HAPPY	XSS
SUNRIN CTF	LOGIN MASTER	SQLite3, SQL Injection
HSPACE CTF	maidcha	Python, Logic Bug
HSPACE CTF	hspace proxy	Python, SSRF, SQL Injection
HSPACE CTF	lucky7	XSS