CTF and security lab write-ups
Write-ups for CTF challenges and security labs.
Cafe Club (Mass Assignment) - BugForge
Cafe Club (Race Condition — TOCTOU) - BugForge
FurHire (SQLi Second-order) - BugForge
FurHire (Stored XSS / WAF Bypass) - BugForge
FurHire MFA Bypass (Mass Assignment, MFA Brute Force) - BugForge
Galaxy Dash (Cross-Org User Hijacking) - BugForge
GalaxyDash (SQLi - Function Filter Bypass) - BugForge
MesaNet Access Panel (OTP Bypass + Broken Access Control) - BugForge
MesaNet Access Panel (SQLi, Info Disclosure) - BugForge
Ottergram (Stored XSS — DM localStorage Exfil) - BugForge
Poluted (Prototype Pollution to XSS) - Hacksmarter
Shady Oaks Financial (Broken Access Control, Rounding Exploit) - BugForge
SmallMart (Unicode Case Mapping Bypass) - HackingHub
Verbose (SSTI to RCE) - Hacksmarter