I participated as a member of team CibersecUNI. In the web category we solved 6/9 challenges as a team. In this writeup I will go through the ones that I have solved: Testimonial Labyrinth Li...

Web cache Poisoning Web cache poisoning is not web cache deception, is not response splitting or request smuggling web cache deception tricking caches into storing sensitive information so the atta...

Cloudgoat RCE_WEB_APP Scenario Introduction CloudGoat is a training and learning platform developed by Rhino Security Labs to help individuals and organizations understand the risks and vulnerabil...

OS Command Injection Vulnerable Example The following snippet contains a Flask web application written in Python that executes the nslookup command to resolve the host supplied by the user. @app...

Templated Dificulty: easy Description: Can you exploit this simple mistake? Solution First we visit the site and see that uses jinja2, this template is susceptible to SSTI attacks. We s...

OS command injection allows an attacker to execute arbitrary operating system (OS) commands on the server that is running an application, and typically fully compromise the application and all its ...

Kryptos Support Checking the web page of this challenge gives a form to send an issue and an admin will review that issue. So its interesting, maybe the admin will click in that issue and we can...

Cross-site scripting known as XSS is a web vulnerability in which malicious scripts are injected int benign and trusted websites. XSS occur when an attacker send malicious code in any user input fi...

Also known as file path traversal allows to read arbitrary files on the servers. in some cases an attacker might be able to write arbitrary files on the server, allowing them to modify application ...

Authentication is the process of verifying the identity of a given user or client. In other words, it involves making sure that they really are who they claim to be, there are three authentication ...