90% guessy, 10% challenge. ● [ Choosy ] I found the word "script" is fitered. I could infer this problem is about XSS exploit. payload Flag shellctf{50oom3_P4yL0aDS_aM0ng_Maaa4nnY} ● [ Extractor ] The service is consists of "Register Page" & "Login Page". I try sql injection attack in Login Page. First, I didn't know what kind of sql this service use. So I tried to find sql version. Then..

보호되어 있는 글입니다.

보호되어 있는 글입니다.

보호되어 있는 글입니다.

I skipped write-up super easy problems. WEB ● [ Are you Admin? ] I can't modify "isAdmin" section by fiddler, so I decided to use curl command to fix isAdmin = true. curl -i -H 'Content-Type: application/json' -d '{"username":"derp","isAdmin":true}' 'http://01.linux.challenges.ctf.thefewchosen.com:49395/api/auth' Flag : TFCCTF{S4n1t1z3_Y0ur_1nput5!} ● [ DeepLinks ] Description tells "Find out hi..

보호되어 있는 글입니다.

보호되어 있는 글입니다.

보호되어 있는 글입니다.

보호되어 있는 글입니다.