
CTF: Boolean-based SQL injection. Transfer-Encoding chunked
CTF: Cross-Site Search. Bypass Same-Origin Policy for exfiltration
CTF: ImaginaryCTF 13/07/2022. 50 points. Server-Side Template Injection. Flask console
CTF: Python. Third-party dependencies. Code Injection. RCE
CTF: Session cookies. Authentication bypass
CTF: JavaScript. Prototype Pollution
CTF: Code injection. Read remote file
CTF: nginx. Directory listing
CTF: SSTI with limited characters
CTF: XML External Entity injection
CTF: Insecure deserialization with pickle
CTF: SECCON CTF Quals 2023. Node.js. JWT. Prototype Pollution
CTF: GraphQL batching attack. OTP and rate limit bypass. JWT. CSP. DOM Clobbering. XSS
CTF: HTB UniCTF 2022. GraphQL batching attack. OTP and rate limit bypass. JWT. CSP. DOM Clobbering. XSS
CTF: Node.js. Third-party dependencies. Code Injection. RCE
CTF: Open Redirect. JWKS and JWT forgery. OTP bypass
CTF: HTB UniCTF 2024. Open Redirect. JWKS and JWT forgery. OTP bypass
CTF: MongoDB. NoSQL injection
CTF: picoCTF 2021. 40 points. Modify cookies
CTF: Parameter injection. Local File Read
CTF: JWT. Server-Side Template Injection
CTF: HTB CA 2023. JWT. Server-Side Template Injection
CTF: XPATH injection. Automate flag extraction
CTF: Boolean-based SQLi in ORDER. Automate flag extraction
CTF: Python. Code injection
CTF: Server-Side Request Forgery. Regular Expression Denial of Service
CTF: ImaginaryCTF 28/09/2022. 50 points. API docs
CTF: DiceCTF 2024 Quals. SQLi. JavaScript object attributes
CTF: picoCTF 2021. 20 points. HEAD request method
CTF: Go. Server-Side Template Injection. Local File Read
CTF: HackOn CTF 2024. Data exfiltration by oracle
CTF: Prototype Pollution. AST Injection
CTF: Server-Side Request Forgery. IP address bypass
CTF: Stack-based SQL injection
CTF: Stack-based SQL injection
CTF: HTTP Parameter Pollution
CTF: picoCTF 2019. 50 points. HTML, CSS and JS
CTF: SQLi in SQLite to RCE in PHP
CTF: JavaScript. Code injection
CTF: SQL injection. Password hash cracking
CTF: Cross-Site Scripting. Insecure Direct Object Reference
CTF: CouchDB. NoSQL injection. Authentication bypass
CTF: PHP. Remote Code Execution. PHPMailer (CVE)
CTF: ImaginaryCTF 12/09/2022. 75 points. MD5 hash. Prototype Pollution
CTF: Command injection. Remote Code Execution
CTF: PHP. Code injection. Remote Code Execution
CTF: Basic web pentesting. XSS, IDOR, SQLi
CTF: Advanced web pentesting and cryptanalysis. XXE. Reverse Engineering
CTF: SVG file read through image. Forge session cookie
CTF: CRLF Injection. RegEx bypass. Server-Side Template Injection
CTF: HackOn CTF 2025. XSS. Service Worker. Tabnabbing
CTF: Cross-Site Scripting. Cookie hijacking
CTF: SQL injection. Directory Traversal. Local File Read
CTF: HTB CA 2023. SQL injection. Directory Traversal. Local File Read
CTF: HTB CA 2023. GraphQL. IDOR
CTF: HA-Proxy. HTTP request smuggling via WebSocket. Server-Side Request Forgery. MongoDB Wire Protocol. Gopher Protocol. Cypher injection (neo4j). Command injection. RCE
CTF: HTB CA 2024. HA-Proxy. HTTP request smuggling. Server-Side Request Forgery. MongoDB Wire Protocol. Gopher Protocol. Cypher injection (neo4j). Command injection. RCE
CTF: Server-Side Request Forgery. localhost bypass. HTTP Request URI
CTF: HackOn CTF 2025. SvelteKit. Development mode. SQL wildcard injection
CTF: Cross-Site Request Forgery. Remote Code Execution
CTF: SSRF. Path Traversal. Gopher protocol. Redis RCE
CTF: ImaginaryCTF 04/11/2022. 50 points. robots.txt
CTF: SQL injection. Authentication bypass
CTF: Server-Side Request Forgery. TOCTOU
CTF: ImaginaryCTF 08/11/2022. 50 points. HTTPs certificate
CTF: ImaginaryCTF 03/11/2022. 50 points. Inspect HTML code
CTF: TAR Directory Path Traversal. Server-Side Template Injection
CTF: Insecure deserialization with pickle
CTF: Authentication bypass. JavaScript code injection
CTF: Server-Side Template Injection
CTF: Server-Side Template Injection
CTF: Malicious file upload. SSTI to XSS. CSP bypass
CTF: HTB CA 2023. Malicious file upload. SSTI to XSS. CSP bypass
CTF: Flask. Server-Side Template Injection. RCE
CTF: Go. gRPC. Client-side verification. Directory traversal. Arbitrary File Write. Server-Side Rendering
CTF: HTB CA 2024. Go. gRPC. Client-side verification. Directory traversal. Arbitrary File Write. Server-Side Rendering
CTF: Directory Traversal. Local File Read. JWT. Broken Access Control. SSRF. Command Injection. RCE
CTF: HTB UniCTF 2022. Directory Traversal. Local File Read. JWT. Broken Access Control. SSRF. Command Injection. RCE
CTF: PHP deserialization. Local File Inclusion. Log Poisoning
CTF: Insecure Deserialization in pickle. SSRF in Redis
CTF: HTB CA 2023. Insecure Deserialization in pickle. SSRF in Redis
CTF: PHP. Time-based SQL injection. WAF bypass
CTF: Java. CVE. SnakeYAML insecure deserialization
CTF: picoCTF 2019. 100 points. robots.txt
CTF: MongoDB. NoSQL injection. Automate flag extraction