Hacker | Developer https://faizalhasanwala.me/ Writeup for a web challenge from VolgaCTF 2020 Qualifier which I really liked. User Center Challenge Description Steal admin’s cookie! https://volgactf-task.ru/ The goal is to achieve XSS on https://volgactf-task.ru. The application allows users to register, login, and edit their profile. main.js file handles all the client-side logic. main.js: function getUser(guid)... Sun, 29 Mar 2020 00:00:00 +0530 https://faizalhasanwala.me/2020-03-29-volgactf-writeup/ https://faizalhasanwala.me/2020-03-29-volgactf-writeup/ A writeup on web challenges solved during WhiteHat Grand Prix 06 - Quals CTF. I participated with team InfoSecIITR. Web 1 Web 2 Web 5 Web 1 The challenge was a To-Do service hosted at ​http://15.165.80.50/​. It allows users to register by choosing their usernames and a password. A user... Fri, 10 Jan 2020 00:00:00 +0530 https://faizalhasanwala.me/2020-01-10-whitehat-writeup/ https://faizalhasanwala.me/2020-01-10-whitehat-writeup/ This blog is a collection of the writeup on challenges I solved on websec.fr. I recommend that you attempt the challenge before reading the writeup. I will keep adding writeups here as I solve new challenges. :slightly_smiling_face: Level 01 It’s a simple SQL Injection. We first find out the query... Tue, 24 Sep 2019 00:00:00 +0530 https://faizalhasanwala.me/2019-09-24-websec-fr-writeup/ https://faizalhasanwala.me/2019-09-24-websec-fr-writeup/ An writeup on XSS vulnerability found in Oracle Communication Messaging Server’s web interface. Description Malicious email received and viewed on web client can lead to XSS in the iframe ending up in arbitrary JavaScript code execution in the context of the iframe. Injected XSS vector bypasses all the filters used... Thu, 19 Jul 2018 00:00:00 +0530 https://faizalhasanwala.me/2018-07-19-oracle-web-mail-xss/ https://faizalhasanwala.me/2018-07-19-oracle-web-mail-xss/ A writeup on web and android challenges solved during H1-702 2018 CTF. Web Challenge 1 Mobile Challenge 1 Mobile Challenge 2 Mobile Challenge 3 Mobile Challenge 4 Web Challenge 1 Challenge statement pointed out to an URL(http://159.203.178.9/). The index page informs about a service running on the server which allows... Sat, 30 Jun 2018 00:00:00 +0530 https://faizalhasanwala.me/2018-06-30-h1-2018-ctf-writeup/ https://faizalhasanwala.me/2018-06-30-h1-2018-ctf-writeup/