CTF Tasks
Capture The Flag challenge solutions and exploit writeups.

Continue Y/N — Cyber Maze Challenge V25
Multi-step exploitation chain: LFR → JWT forgery → SSRF → SQLi → RCE

SheSecured CTF — Access Denied
SSRF bypass using redirect rebinding to access internal endpoints

SheSecured CTF — Fama Mino?
SQL injection, LFI, and PHP filter chain to gain RCE

SheSecured CTF — Injection
Simple command injection in a ping utility

Ramadan's Spark CTF 2025 — Secure BankSys
SQL injection on a banking application

Ramadan's Spark CTF 2025 — Shadow Graph
GraphQL introspection to leak secrets

Ramadan's Spark CTF 2025 — Shadow Graph 2
SSRF to GraphQL SQL injection

Ramadan's Spark CTF 2025 — Struts
Apache Struts CVE-2017-5638 RCE via Content-Type header

Ramadan's Spark CTF 2025 — WhatIsXSS
Stored XSS with JS deobfuscation