🕸️Web Exploitation

For this part, there will be more explanations on it in different sections. I will show only the writeup for this challenge

The Sentinel’s Comment

Let open the link given. It redirect to this page. ( I cannot open the link at the moment this writeup being documented).

There is no much information about this, looking on source code (ctrl+u)

We got the hint, let check all other source.

Both source have this flag. Let combine and submit the flag.

FLAG : FSECSS{1ns3cur3_W3bs1t3_D3v3l0pm3nt}

Robert’s Robot

Same as previous questions, I cannot open the link when this writeup are documented.

As the question mentions about robot, let check robots.txt file.

Got flag there.

The Sentinel’s Comment 2

Let open the website and see the source code.

For this challenge, it happen to have small mistake on numbering after comfirming with the organizer. Number 5 are missing in the challenge. Let combine the flag with asceding order.

FLAG : FSECSS{C0mm3nts4g4in!?}

Robert’s Robot 2

Using the same page as previous questions, let check robots.txt.

Put change robot to flag.txt

FLAG : FSECSS{wH0_d035Nt_L1k5_RoB0T5}

Trypanophobia

Let check this website.

No much information we get. Check the source code .

Got redirect page. Login page?. Let check it.

POST method??. Let inject with sql injection payload. I use simple payload for this question.

' OR '1

Oh oh, it detect our injections. Let bypass it using words.

admin' --

We got the flag.

FLAG : FSECSS{m0R3_SQL_plz_aee925db}

Dr. DB

For this question, I already mention about injection. Should it SQL injection.

Let put payload as previous question.

admin' --

We got the flag.

FLAG : FSECSS{s0m3_SQL_f8adf3fb}