My CTF Challenges (99.98% Web Challenge)
A collection of web challenges I made.
2017
CTF |
Name |
Concept |
Belluminar CTF |
Color world |
XXE, XSLT Injection to RCE |
Layer7 CTF |
daniel's daily life |
BBCode XSS |
Layer7 CTF |
Can you bypass me? |
Bypass regexp, Eval function |
Power Of XX CTF |
Basic web |
SQL Injection |
Power Of XX CTF |
SQL game |
SQL Injection |
- |
Can you do it? |
SQL Injection |
- |
Dirt-Y |
MISC, PHP game |
- |
Is this possible? |
SQL Injection |
- |
Simple Login |
SQL Injection |
2018
CTF |
Name |
Concept |
H3X0R CTF |
SQL game revenge |
SQL Injection |
H3X0R CTF |
Goodaegi board |
SQL Injection |
Sunrin Hacking Festival |
Click the button |
MISC, Coding |
Sunrin Hacking Festival |
Pretty board |
SQL Injection |
Sunrin Hacking Festival |
Simple login |
SQL Injection |
Sunrin Hacking Festival |
Simple login revenge |
LFI to RCE |
Layer7 CTF |
Margaret |
RCE via PHP Session |
Hackingcamp18 CTF |
Pretty Shop |
Indirect SQLite Injection |
- |
Count |
Race condition in php file function |
2019
CTF |
Name |
Concept |
Christmas CTF |
Dynamic SQL |
PHP, SQL Injection |
Belluminar CTF |
- |
- |
Sunrin Internet High School CTF |
jjang9 |
PHP, Bypass open_basedir, LFI to RCE |
Sunrin Internet High School CTF |
My first app |
Flask, Blind CSS Injection |
Sunrin Internet High School CTF |
Last old school |
PHP, Error based SQL Injection |
- |
rename |
PHP filesystem bug |
2021
CTF |
Name |
Concept |
LAYER7 CTF |
handmade |
Python, Path Traversal |
LAYER7 CTF |
selfmade |
Python, Logic Bug |
2022
CTF |
Name |
Concept |
Best of the Best CTF(Web) |
- |
DOM Clobbering, XSS |
Best of the Best CTF(Web) |
- |
Prototype Pollution, XSS |
Best of the Best CTF(Web) |
- |
Relative Path Overwrite, XSS |
SUNRIN CTF |
BABY XSS |
XSS |
SUNRIN CTF |
HAPPY |
XSS |
SUNRIN CTF |
LOGIN MASTER |
SQLite3, SQL Injection |
HSPACE CTF |
maidcha |
Python, Logic Bug |
HSPACE CTF |
hspace proxy |
Python, SSRF, SQL Injection |
HSPACE CTF |
lucky7 |
XSS |