Information CCE 2025 본선에 출제했던 광명국제공항 문제에 대한 출제자 write-up입니다. Write-up 해당 문제는 공항 예약 서버와 불편사항 접수 서버가 각각 3000번 포트와 5000번 포트에서 실행중입니다. 먼저 reservation 서버의 기능을 살펴보면 항공권 예약 기능이 존재합니다. // routes/reservat...

Information Participated with DeadSec CTF 2024 Challenge Author Comment Hello!, This is Little stranger, who participated DeadSec CTF as a web challenge author of Colorful board. Thank you to ever...

Information Team: DeadSec Write up web/zoo feedback form Desc Simple xxe injection prob, Inject exploit ( XML ) Exploit <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE root [ <!ENTIT...

Refer Portswigger Document JWT vulnerability🩸 Info This Problem is JWT confusion. RS256 uses an asymmetric key, a private key for generation, and a public key for verification. HS256 uses publi...

Information Target: MongoDB Vulnerability: Race Condition Desc MongoDB Race Condition Attack with db lock. Example Code // admin.controller.ts @Post('list') async getFlagList(@Body() listDto: Lis...

Information Team name: YouAreMyUniverse Rank: 3rd place Write up web/atten-dance Desc Get first flag with race condition attack, Get second flag with sql injection ( Json injection ) Exploit impo...