Web

These tasks originate from Break The Syntax CTF 2026

Exploiting a sql injection vulnerability with filter bypass in the niteCTF 2025 web challenge.

My solution for deadface hack the night series web challenges.

My solution for deadface web/headers game challenge.

Web Challenge from WHYCTF 2025

Hacking 4 webapps from Break The Syntax CTF 2025. The apps contain a number of different vulnerabilities: ldap injection, command injection, ssti, php type juggling and several privilege escalation techniques on Linux.

The challenge presents a web application for SwampTech Solutions with several interconnected vulnerabilities.

This task originates from the Web category at swampCTF 2025

Hacking a note-taking app from BITSCTF 2025. The exploit leverages a UTF-8 to ASCII conversion issue to inject XSS that remains unnoticed by DOMPurify and uses angular.js from Cloudflare CDN to bypass CSP restrictions.

These tasks originate from the WEB category at CTF Nullcon Goa HackIM 2025

The challenge involved crafting an XSS payload to extract a flag from an HTML tag, leveraging a vulnerability in the processing of uploaded .xlsx files and exploiting xmlattr vulnerability in Jinja2.

My solution for BluehensCTF web/Firefun 3 challenge

My solution for HackTheVote2024 web/graph1 challenge