This is a challenge old-02 from webhacking.kr. I was stuck trying to understand how people were discovering this SQLi vulnerability through a cookie, as no blog posts explained why the attack was ...

Hacking a JavaScript Game Referring to this video. Examination This is a web-based game, so we begin by inspecting the game page using the browser’s developer tools. Inspecting the Game Open...

Trickster Author: Junias Bonou Description I found a web app that can help process images: PNG images only! Try it here! When I attempted to upload some random files, I got the following erro...

Description Can you use the portals to get to the right place? You are provided with a 32-bit executable: └─$ file portal portal: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dyna...

The search bar didn’t seem to be a viable target for XSS injection because either it simply echoes the search query or it sanitizes/blocks the payloads I tested (for example, the payloads generated...

A challenge about SLQi that uses Union injection technique. What is convenient about this challenge is it shows the query that is used to pull the data from the database. I used these SQL inject...

This is a challenge from webhacking.kr. As the name of the website suggests, it is about SQL injection. You can check the source code of the page: <?php if($_GET['no']){ $db = dbconnect(); ...

Identifying the Local File Inclusion (LFI) Vulnerability While working on the skills assessment for the File Inclusion module, I first checked whether the target website was vulnerable to Local Fi...

Page Source Inspection The actual functionality of uploading and downloading files weren’t working so I looked at the page source. I saw this portion of the source: const searchFile = async () =&...

Beginner pwn: First challenge #include <stdio.h> #include <stdlib.h> #include <string.h> int main() { char command[110] = "cowsay \""; char message[100]; printf("Gi...