Published onMay 10, 2026Break The Syntax CTF 2026 - Web challengeswebWebwebBreak-The-Syntax-CTF-2026BTSNamemichalBBNamekersziNamervrThese tasks originate from Break The Syntax CTF 2026
Published onDecember 16, 2025Database ReincursionwebWebwebsqlinjectionniteCTFniteCTF-2025NameBarryPLExploiting a sql injection vulnerability with filter bypass in the niteCTF 2025 web challenge.
Published onOctober 29, 2025Hack the Night serieswebWebwebdeadfacedeadface-2025Namenull_byteMy solution for deadface hack the night series web challenges.
Published onOctober 29, 2025Headers GamewebWebwebdeadfacedeadface-2025Namenull_byteMy solution for deadface web/headers game challenge.
Published onAugust 11, 2025WHY2025 CTF - WHY2025 CTF TIMES, Bonito BlogwebWebwebWHYCTFWHYCTF-2025Namevq4sWeb Challenge from WHYCTF 2025
Published onMay 18, 2025BreakTheSyntaxCTF 2025 - All web challengeswebWebwebBtSCTFBtSCTF-2025ldapldap-injectionssticommand-injectiontype-jugglingmagic-hashlinux-privescNamervrHacking 4 webapps from Break The Syntax CTF 2025. The apps contain a number of different vulnerabilities: ldap injection, command injection, ssti, php type juggling and several privilege escalation techniques on Linux.
Published onMarch 31, 2025swampCTF 2025 - SwampTech SolutionswebWebwebswampctfswampctf-2025Namenull_byteThe challenge presents a web application for SwampTech Solutions with several interconnected vulnerabilities.
Published onMarch 30, 2025swampCTF 2025 - Editor - Web challengewebWebwebcssswampctfswampctf-2025NameManFcGThis task originates from the Web category at swampCTF 2025
Published onFebruary 13, 2025BITSCTF 2025 - WEB: Get into my cute small plannerwebWebwebBITSCTFBITSCTF-2025xssdompurifycspunicode-overflowNamervrHacking a note-taking app from BITSCTF 2025. The exploit leverages a UTF-8 to ASCII conversion issue to inject XSS that remains unnoticed by DOMPurify and uses angular.js from Cloudflare CDN to bypass CSP restrictions.
Published onFebruary 2, 2025Nullcon Goa HackIM 2025 - WEB challengeswebWebwebnullconnullcon-2025sqlinjectionbcryptsstidnsdigint-overflowNameAUXZAENamemichalBBNamenull_byteNamervrNamezBlxstThese tasks originate from the WEB category at CTF Nullcon Goa HackIM 2025
Published onNovember 23, 2024GlacierCTF - SkiDatawebWebwebxssglacierctfcve-2024-34064NamervrThe challenge involved crafting an XSS payload to extract a flag from an HTML tag, leveraging a vulnerability in the processing of uploaded .xlsx files and exploiting xmlattr vulnerability in Jinja2.
Published onNovember 10, 2024Firefun 3webWebwebbluehensctfNamenull_byteMy solution for BluehensCTF web/Firefun 3 challenge
Published onNovember 4, 2024graph1webWebwebhackthevotectfNamenull_byteMy solution for HackTheVote2024 web/graph1 challenge
