● buckeyenotes The word "=" is filtered. Bypass it. Payload : ' or username like 'brutusB3stNut9999' and password like '%a%'-- Flag : buckeye{wr1t3_ur_0wn_0p3n_2_pwn} ● pong I can't find any flag in this service. I guessed if I win this game, I can get a flag. There are no given source code. So I just looked up devtools, then I could find below code. const socket = io(); const canvas = document...

● Cvg3n3rat0r This is the main page. If I write down some words and click the submit, you can download a file. The result file is like this. I don't have much ideas, so I simply tried some code in there. There is nothing in result file. In this case, I can assume two situations. First, the service has word filtering. Second, the service recognized script tag and apply it in appropriate way. I th..

보호되어 있는 글입니다.

보호되어 있는 글입니다.

보호되어 있는 글입니다.

● Bug Hunter I can get a hint in main page. It gives a word "Reflected XSS". So I tried some test payload using "tsukushi" parameter. I can trigger XSS. But where is the flag? I can't guess anything, so checked description. They gave me "guess" and "RFC". I searched about RFC and find hint like this. I entered into "/.well-kown/security.txt". Got it. Technically, it's not xss problem I expected...

보호되어 있는 글입니다.

While playing CTF, I found a interesting idea so I note in here. ● ezphp(fixed) You can find a hint to solve this problem in Header. When you enter the site, you can find response header like this. The point is the version of PHP. PHP 5.3.x Version has "HEAD Method Trick" vulnerability. To solve this challenge, you must use "HEAD" method to bypass code "$_SESSION["admin"]=0;". That is to say you..

It's shame that I can't solve all challenge in web section. I must study harder. ● web/sources You can check flag in DevTools, Flag flag{bd6a9e3f1690f7abb8445c0e} ● password-1 When you enter into "/api/outout" endpoint, can check the flag Flag flag{why_is_hashing_in_browser_so_hard} ● password-2 payload : 1' or 1=1-- Flag flag{i_love_in_memory_sqlite} ● web/notes1 const add = (note) => { const i..