Solving the Android track of CyCTF Luxor — extracting a token from exported SharedPreferences, recovering an AES-ECB key from the signing cert, and forging a...
android reverse-engineering binder-ipc shared-preferences aes
Chaining a path-traversal in an admin bot's QR-scan handler with an over-trusted promote endpoint to escalate a normal user to admin and reach the flag room.
path-traversal privilege-escalation broken-access-control api
Bypassing a broken XSS filter in a context using JavaScript hoisting to defeat a ReferenceError guard, then exfiltrating the admin bot's cookies via Burp...
xss javascript-hoisting cookie-exfiltration bot
@0xspongee // Helwan CTF
Read →
![Cover image for [Tob] WEB challenge](https://cdn-images-1.medium.com/max/1024/1*HRxA5uclaiQTOQO54ZtQCA.png)