PUCTF 2025 Author Writeup
Writeup
- Web Exploitation
Background
- Starts: 19 April 2025, 20:00 HKT
- Ends: 21 April 2025, 20:30 HKT (Extended for 30 minutes)
Categories:
- Hardware
- Cryptography
- Reverse Engineering
- Miscellaneous
- Web Exploitation
- Forensics
- Artificial Intelligence
- Welcome
- Pwn / Exploitation
- Blockchain
What you'll learn in this CTF
- Web Exploitation
- JSON My Soul - SSRF whitelist domain bypass via flawed validation
- NuttyShell File Manager - NuttyShell 檔案管理員 - Python dirty arbitrary file write to RCE via overwriting bytecode files
- COVID-19 Mutation History - COVID-19 病毒突變歷史 - mXSS via parser differential between HTML 4 and 5 in PHP DOMDocument::loadHTML and CSP bypass
- Memo-ry - CSPT2CSRF and DOM clobbering via URL credentials