https://x3ric.com/blog/tags/file-upload/CTF notes, systems work, and writeups.Hugoen-usSat, 06 Jun 2026 21:41:13 +0200https://x3ric.com/blog/posts/HackTheBox-CachedWeb-Challenge/https://x3ric.com/blog/posts/HackTheBox-CachedWeb-Challenge/Tue, 23 Sep 2025 00:20:00 +0800challengehtbwebssrfpath-traversalfile-uploadrceflaskCachedWeb: chain SSRF with path control to reach the internal target and read the flag.https://x3ric.com/blog/posts/HackTheBox-DoxPit-Challenge/https://x3ric.com/blog/posts/HackTheBox-DoxPit-Challenge/Thu, 12 Dec 2024 09:20:00 +0800challengehtbwebtemplate-injectionssrffile-uploadflaskEnter the challenge flag to unlock this writeup.https://x3ric.com/blog/posts/HackTheBox-PetPet-Rcbee-Challenge/https://x3ric.com/blog/posts/HackTheBox-PetPet-Rcbee-Challenge/Sat, 30 Nov 2024 09:20:00 +0800challengehtbwebfile-uploadPetPet Rcbee: abuse file-upload to cross the web trust boundary and recover the flag.https://x3ric.com/blog/posts/HackTheBox-Prying-Eyes-Challenge/https://x3ric.com/blog/posts/HackTheBox-Prying-Eyes-Challenge/Sat, 30 Nov 2024 09:20:00 +0800challengehtbwebpath-traversalfile-uploadPrying Eyes: use path traversal to escape the intended read path and recover the flag.