In today’s blog, I’m going to show you how analyzing javascript files can lead to access unrestricted endpoints and to understand how the application deals with it. I’m also gonna show you how I bypassed 2 file upload endpoints to get RCE in an ASP.NET application. First of all, This…

Today I will show you how I was able to bypass disable_functions and get a remote shell that lead me to access most of the users' files. First of all, This was a public program, but nevertheless, I will refer to it with target.com. Application logic: The objective of this target application…

In this post, I am going to walk you through the Intigriti 0821 XSS Challenge, I hope you enjoy reading. Starting with the challenge page, it has three links with the same parameter (called recipe) and it takes a base64-encoded string for what will be printed on the page. Decoding…

In this post, I am going to walk you through a Web CTF challenge from Arab Security Cyber Wargames 2021 Qualifications, Hope you enjoy reading! Retention | 600 points Challenge description: The second time you visit us the loading would be faster. The flag must start with ASCWG❴…answer❵ First, let’s check the challenge link …

Hi, I’m Asem Eleraky -aka Melotover- and today I will show you how I could bypass a tough WAF to execute XSS and make a full account takeover via stealing the victim’s cookies. Note: I decided to make this scenario a challenge so you can try to solve it before…

Hi, I’m Asem Eleraky -aka Melotover- and today I will show you how I could leverage an XSS vulnerability using XHR request to make the attacker be a Super Admin on the victim account! First of all, This was a private program, so I will refer to it with example.com. Let…

In this post, I am going to walk you through a Forensics CTF challenge from Arab Security Cyber Wargames 2020 Qualifications, Hope you enjoy reading! MeowNetwork | 300 points First of all, Let’s download the File and check the description of the challenge. Challenge Description : A hacker managed to get into meownetwork and leaked sensitive files…

Welcome to my first Writeup ever! In this post, I am going to walk you through a Forensics CTF challenge from Arab Security Cyber Wargames 2020 Qualifications, Hope you enjoy reading! The-Impossible-Dream | 600 points First of all, Let’s download the File and check the description of the challenge. At the first look, nothing…