Vuln-Drive 2 - bi0sCTF22
ma1f0y | 2023-01-24 | Web
tl;dr
    SSRF using file_get_contents() and CRLF in ini_set()
    Basic header quirks to bypass WAF
    SQLi using column trick in SQLite to get the flag
Tags: SSRF, SQLi, bi0sCTF22, CRLF

Notepad Series - InCTF Internationals 2021
Az3z3l | 2021-08-16 | Web Exploitation
tl;dr
    Notepad 1 - Use Set-Cookie header to get XSS on the Admin
    Notepad 1.5 - CRLF on the name parameter of Golang’s Header().Set() method
    Notepad 2 - Xsleaks using Timing-Allow-Origin header
Tags: InCTFi, XSS, CRLF, Xsleaks