CSAW 2k22 ALL WEB WRITEUPS

All CSAW 2k22 Web writeups. That was fun.
WMCTF 2022 LFI->SSRF->RCE

I am sharing a writeup for a decent web task from WMCTF 2022 that I played alongside my team SOter14 (ranked 1st now in my home country Tunisia on CTFtime). I chained Local File Inclusion (LFI) >> Server-Side Request Forgery (SSRF) >> Remote Code Execution (RCE) with blind OS command injection. I also got an alternative PoC for the recent CVE-2022-33891.

Imaginary CTF 2022

MojoJs Server-Side Template Injection + filter bypass >> Remote Code Execution.
