These tasks originate from the Ezpz category at Grey Cat The Flag 2025

rvr
Team Vice-captain
Joined March 2024
Expertise
About
Security enthusiast who enjoys understanding how things work. Specializes primarily in web category.
Achievements
Flags: 130
Bloods: 1
CTFs: 42
Writeups: 5
- Published on
- Name
- rvr
Hacking 4 webapps from Break The Syntax CTF 2025. The apps contain a number of different vulnerabilities: LDAP injection, command injection, SSTI, PHP type juggling and several privilege escalation techniques on Linux.
- Published on
- Name
- rvr
Hacking a note-taking app from BITSCTF 2025. The exploit leverages a UTF-8 to ASCII conversion issue to inject XSS that remains unnoticed by DOMPurify and uses angular.js from Cloudflare CDN to bypass CSP restrictions.
These tasks originate from the WEB category at CTF Nullcon Goa HackIM 2025
- Published on
- Name
- rvr
The challenge involved crafting an XSS payload to extract a flag from an HTML tag, leveraging a vulnerability in the processing of uploaded .xlsx files and exploiting the xmlattr vulnerability in Jinja2.