bi0s

Vuln-Drive 2 - bi0sCTF22

ma1f0y
2023-01-24
Web

tl;dr

  • SSRF using file_get_contents() and CRLF in ini_set()
  • Basic header quirks to bypass the WAF
  • SQLi using column trick in SQLite to get the flag
CRLF SSRF bi0sCTF22 SQLi

Vuln Drive - InCTF Internationals 2021

Rohit
2021-08-15
Web

tl;dr

  • /source to get the source
  • Access local host from dev_test using SSRF
  • SQLi to get the flag path and LFI to get the flag
InCTFi LFI SSRF SQLI

VideoBazar - InCTF Internationals 2020

Captain-Kay
2020-08-26
Web Exploitation

tl;dr

  • Part-1: .bzr file retrieval using any tool
  • Part-1: exploiting SSRF via ffmpeg to read the /flag file into a video and download it before it gets deleted
InCTFi SSRF bzr ffmpeg

Web writeups - InCTF Internationals 2019

SpyD3r
2019-10-16
Web Exploitation

Hey, I am SpyD3r (TarunkantG), and in this blog I will be discussing all the 5 web challenges that I made for InCTFi 2019 and a lot of SQLi and disable_functions bypass tricks.

InCTFi PHP SSRF Gopherus

Official blog of team bi0s

Blog content follows the Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License