XXE Injection
Blind XXE with out of band interaction via XML Parameter Entities This lab has a “Check stock” feature that parses XML input, but does not …
IT Security Matters
Basic SSRF Against Another IP Basic SSRF Against another IP #GOAL: This lab has a stock check feature which fetches data from an internal system. …
Information disclosure in error messages Goal: This lab’s verbose error messages reveal that it is using a vulnerable version of a third-party framework. To solve …
2FA Broken Logic Goal: The lab’s two-factor authentication is vulnerable due to its flawed logic. To solve the lab, access Carlos’s account page. The …
SQL Injection obtaining data from other tables The goal of this lab is to retrieve data from other tables using the product category filter. It …
Briefing This is a CTF created by my professor Aspen Olmsted. This challenge has two flags with the format flag{}. Once solved students were encouraged …