LIT CTF 2021
Here, you can find write-ups of few interesting challenges from my solves in LIT CTF 2021.
You can find and learn the below mentioned techniques:
SQL injection with WAF bypass
RCE using python pickle desirialisation, bypassing the input(dictionary) validation
Abusing the funtionality of a Web-Socket Server
LIT BUGS
Source code
var exp...
RedpwnCTF 2021
Here, you can find write-ups of few interesting challenges from my solves in RedpwnCTF 2021.
Cool
TL;DR
The application allows users to register.
The register funtionality is vulnerable to SQL injection.
In this case, SQLi is inside the INSERT statement.
Retriving data is non-trivial and time consuming using this type of SQLi.
The...
San Diego CTF 2021
Here, you can find write-ups of few interesting challenges from my solves in San Diego CTF 2021 2021.
Apollo
TL;DR
The website’s interface seems to be down.
While investigating the network, website uses an API with the path /api/status?verbose=
Setting parameter verbose to any value, unlocks other API paths
Investigating the respons...