Web-Server Writeups | Avishai’s CTF Writeups

Avishai's CTF Writeups

Yalla Balagan! A collection of my CTF writeups and solutions.

Welcome to the Web-Server wargame writeups! Click a level below to view the detailed solution.

🧩

API-Broken-Access-2

Solution for API-Broken-Access-2

🧩

API-Broken-Access

Solution for API-Broken-Access

🧩

API-Mass-Assignment

Solution for API-Mass-Assignment

🧩

Backup-file

Solution for Backup-file

🧩

Blind-SSTI-Filters-Bypass_NOT_FINISHED

Solution for Blind-SSTI-Filters-Bypass_NOT_FINISHED

🧩

Command-injection-Filter-bypass

Solution for Command-injection-Filter-bypass

🧩

CRLF

Solution for CRLF

🧩

Directory-traversal

Solution for Directory-traversal

🧩

Elixir-EEx

Solution for Elixir-EEx

🧩

File-upload-Double-extensions

Solution for File-upload-Double-extensions

🧩

File-upload-MIME-type

Solution for File-upload-MIME-type

🧩

File-upload-Null-byte

Solution for File-upload-Null-byte

🧩

File-upload-Polyglot

Solution for File-upload-Polyglot

🧩

File-upload-ZIP

Solution for File-upload-ZIP

🧩

Flask-Development-server

Solution for Flask-Development-server

🧩

Flask-Unsecure-session

Solution for Flask-Unsecure-session

🧩

GraphQL-Backend-injection

Solution for GraphQL-Backend-injection

🧩

GraphQL-Injection

Solution for GraphQL-Injection

🧩

GraphQL-Introspection

Solution for GraphQL-Introspection

🧩

GraphQL-Mutation

Solution for GraphQL-Mutation

🧩

HTML-Source-code

Solution for HTML-Source-code

🧩

HTTP-Cookies

Solution for HTTP-Cookies

🧩

HTTP-Directory-indexing

Solution for HTTP-Directory-indexing

🧩

HTTP-Headers

Solution for HTTP-Headers

🧩

HTTP-Improper-redirect

Solution for HTTP-Improper-redirect

🧩

HTTP-IP-restriction-bypass

Solution for HTTP-IP-restriction-bypass

🧩

HTTP-Open-redirect

Solution for HTTP-Open-redirect

🧩

HTTP-POST

Solution for HTTP-POST

🧩

HTTP-User-agent

Solution for HTTP-User-agent

🧩

HTTP-verb-tampering

Solution for HTTP-verb-tampering

🧩

Insecure-Code-Management

Solution for Insecure-Code-Management

🧩

Install-files

Solution for Install-files

🧩

Java-Custom-gadget-deserialization

Solution for Java-Custom-gadget-deserialization

🧩

Java-Server-side-Template-Injection

Solution for Java-Server-side-Template-Injection

🧩

Java-Spring-Boot

Solution for Java-Spring-Boot

🧩

JWT-Header-Injection

Solution for JWT-Header-Injection

🧩

JWT-Introduction

Solution for JWT-Introduction

🧩

JWT-Public-key

Solution for JWT-Public-key

🧩

JWT-Revoked-token

Solution for JWT-Revoked-token

🧩

JWT-Unsecure-File-Signature

Solution for JWT-Unsecure-File-Signature

🧩

JWT-Unsecure-Key-Handling

Solution for JWT-Unsecure-Key-Handling

🧩

JWT-Weak-secret

Solution for JWT-Weak-secret

🧩

LDAP-injection-Authentication

Solution for LDAP-injection-Authentication

🧩

LDAP-injection-Blind

Solution for LDAP-injection-Blind

🧩

Local-File-Inclusion-Double-encoding

Solution for Local-File-Inclusion-Double-encoding

🧩

Local-File-Inclusion-Wrappers

Solution for Local-File-Inclusion-Wrappers

🧩

Local-File-Inclusion

Solution for Local-File-Inclusion

🧩

Nginx-Alias-Misconfiguration

Solution for Nginx-Alias-Misconfiguration

🧩

Nginx-Root-Location-Misconfiguration

Solution for Nginx-Root-Location-Misconfiguration

🧩

Nginx-SSRF-Misconfiguration

Solution for Nginx-SSRF-Misconfiguration

🧩

Node-Eval

Solution for Node-Eval

🧩

Node-Serialize

Solution for Node-Serialize

🧩

NodeJS-vm-escape

Solution for NodeJS-vm-escape

🧩

NoSQL-injection-Authentication

Solution for NoSQL-injection-Authentication

🧩

NoSQL-injection-Blind

Solution for NoSQL-injection-Blind

🧩

PHP-Apache-configuration

Solution for PHP-Apache-configuration

🧩

PHP-assert

Solution for PHP-assert

🧩

PHP-Command-injection

Solution for PHP-Command-injection

🧩

PHP-Eval

Solution for PHP-Eval

🧩

PHP-Filters

Solution for PHP-Filters

🧩

PHP-Loose-Comparison

Solution for PHP-Loose-Comparison

🧩

PHP-Path-Truncation

Solution for PHP-Path-Truncation

🧩

PHP-preg_replace

Solution for PHP-preg_replace

🧩

PHP-register-globals

Solution for PHP-register-globals

🧩

PHP-Remote-Xdebug

Solution for PHP-Remote-Xdebug

🧩

PHP-Serialization

Solution for PHP-Serialization

🧩

PHP-type-juggling

Solution for PHP-type-juggling

🧩

PHP-Unserialize-overflow

Solution for PHP-Unserialize-overflow

🧩

PHP-Unserialize-Pop-Chain

Solution for PHP-Unserialize-Pop-Chain

🧩

Python-dotenv_NOT_FINISHED

Solution for Python-dotenv_NOT_FINISHED

🧩

Python-Server-side-Template-Injection-Introduction

Solution for Python-Server-side-Template-Injection-Introduction

🧩

Remote-File-Inclusion

Solution for Remote-File-Inclusion

🧩

Server-Side-Request-Forgery

Solution for Server-Side-Request-Forgery

🧩

SQL-injection-authentication-GBK

Solution for SQL-injection-authentication-GBK

🧩

SQL-injection-authentication

Solution for SQL-injection-authentication

🧩

SQL-injection-Blind

Solution for SQL-injection-Blind

🧩

SQL-injection-Error

Solution for SQL-injection-Error

🧩

SQL-injection-File-reading

Solution for SQL-injection-File-reading

🧩

SQL-Injection-Filter-bypass

Solution for SQL-Injection-Filter-bypass

🧩

SQL-injection-Insert

Solution for SQL-injection-Insert

🧩

SQL-injection-Numeric

Solution for SQL-injection-Numeric

🧩

SQL-Injection-Routed

Solution for SQL-Injection-Routed

🧩

SQL-injection-String

Solution for SQL-injection-String

🧩

SQL-injection-Time-based

Solution for SQL-injection-Time-based

🧩

SQL-Truncation

Solution for SQL-Truncation

🧩

Weak-password

Solution for Weak-password

🧩

XML-External-Entity

Solution for XML-External-Entity

🧩

XPath-injection-Authentication

Solution for XPath-injection-Authentication

🧩

XPath-injection-Blind

Solution for XPath-injection-Blind

🧩

XPath-injection-String

Solution for XPath-injection-String

🧩

XSLT-Code-execution

Solution for XSLT-Code-execution

🧩

XSS-Server-Side

Solution for XSS-Server-Side

🧩

Yaml-Deserialization

Solution for Yaml-Deserialization