rcimarelli

XXE Injection

by RobMarch 28, 2022March 28, 20220

Blind XXE with out of band interaction via XML Parameter Entities This lab has a “Check stock” feature that parses XML input, but does not …

SSRF

by RobMarch 10, 2022March 10, 20220

Basic SSRF Against Another IP Basic SSRF Against another IP #GOAL: This lab has a stock check feature which fetches data from an internal system. …

Information Disclosure

by RobFebruary 8, 2022February 8, 20220

Information disclosure in error messages Goal: This lab’s verbose error messages reveal that it is using a vulnerable version of a third-party framework. To solve …

PortSwigger Authentication

by RobJanuary 29, 2022January 29, 20220

2FA Broken Logic Goal: The lab’s two factor authentication is vulnerable due to its flawed logic. To solve the lab, access Carlos’s acount page. The …

SQL Injection Burp Academy

by RobJanuary 24, 2022January 26, 20220

SQL Injection obtaining data from other tables The goal of this lab is to retrieve data from other tables using the product category filter. It …

Coast Vehicle Company

by RobMay 25, 2021May 26, 20210

Briefing This is a CTF created by my professor Aspen Olmsted. This challenge has two flags with the format flag{}. Once solved students were encouraged …