PUCTF 2025 Author Writeup

Writeup

• Web Exploitation
  1. JSON My Soul
  2. NuttyShell File Manager - NuttyShell 檔案管理員
  3. COVID-19 Mutation History - COVID-19 病毒突變歷史
  4. Memo-ry

Background

• Starts: 19 April 2025, 20:00 HKT
• Ends: 21 April 2025, 20:30 HKT (Extended for 30 minutes)

Categories:

• Hardware
• Cryptography
• Reverse Engineering
• Miscellaneous
• Web Exploitation
• Forensics
• Artificial Intelligence
• Welcome
• Pwn / Exploitation
• Blockchain

What you'll learn in this CTF

• Web Exploitation
  1. JSON My Soul - SSRF whitelist domain bypass via flawed validation
  2. NuttyShell File Manager - NuttyShell 檔案管理員 - Python dirty arbitrary file write to RCE via overwriting bytecode files
  3. COVID-19 Mutation History - COVID-19 病毒突變歷史 - mXSS via parser differential between HTML 4 and 5 in PHP DOMDocument::loadHTML and CSP bypass
  4. Memo-ry - CSPT2CSRF and DOM clobbering via URL credentials