I can Read
·
Dreamhack/WEB
This post is protected.
Narrow Date
·
Dreamhack/WEB
This post is protected.
TsuckuCTF 2022
·
🚩 CTF/Former Doc
● Bug Hunter I can get a hint on the main page. It gives a word, "Reflected XSS". So I tried some test payloads using the "tsukushi" parameter. I can trigger XSS. But where is the flag? I couldn't guess anything, so I checked the description. They gave me "guess" and "RFC". I searched for the RFC and found a hint like this. I went to "/.well-known/security.txt". Got it. Technically, it's not the XSS problem I expected...
Login Page
·
Dreamhack/WEB
This post is protected.
PHP HEAD Method Trick (GDG Algiers CTF 2022)
·
🖌️ Theory/WEB
While playing a CTF, I found an interesting idea, so I'm noting it here. ● ezphp(fixed) You can find a hint to solve this problem in the header. When you enter the site, you can find a response header like this. The point is the version of PHP. PHP version 5.3.x has the "HEAD Method Trick" vulnerability. To solve this challenge, you must use the "HEAD" method to bypass the code "$_SESSION["admin"]=0;". That is to say you..
WreckCTF 2022
·
🚩 CTF/Former Doc
It's a shame that I can't solve all the challenges in the web section. I must study harder. ● web/sources You can check the flag in DevTools. Flag flag{bd6a9e3f1690f7abb8445c0e} ● password-1 When you go to the "/api/outout" endpoint, you can check the flag. Flag flag{why_is_hashing_in_browser_so_hard} ● password-2 payload : 1' or 1=1-- Flag flag{i_love_in_memory_sqlite} ● web/notes1 const add = (note) => { const i..
Advanced Tips For SSRF Attack
·
🖌️ Theory/WEB
This post is protected.
Dream Gallery
·
Dreamhack/WEB
This post is protected.
Small Tip
·
🖌️ Theory/WEB
When running Docker with Apache, Tomcat, etc., you must run it with the command "-D FOREGROUND".