Flaskcards – Points: 350 Problem Statement We found this (link) fishy website for flashcards that we think may be sending secrets. Could you take a look? Home page Registered a user After authentication, now we can create/list a card. Flaskcards? hmm maybe flask framework ? There’s a helpful blog post for SSTI vulnerability detection. […]
Fancy-alive-monitoring – Points: 400 Problem Statement One of my school mate developed an alive monitoring tool. Can you get a flag from (link) ? index.php There are two validations for user input (ip) Client side Server side Client Side Here javascript is used with a regex that matches x.x.x.x where x is [0-9] digit denoted […]
A Simple Question – Points: 650 Problem Statement There is a website running at (link). Try to see if you can answer its question. Testing input as invalid Response Let’s extract the correct answer using blind SQli But first I want to know the length of answer Found length in burp after intruding 1-20 numbers […]
wiks3c 