Letter Dispair: find the command execution path, trigger it cleanly, and read the flag.
codelocked
Php
10 postsweb
Letter Dispair
web
Console
Console: abuse php to cross the web trust boundary and recover the flag.
weblocked
Interstellar
weblocked
Insomnia
weblocked
PDFy
weblocked
POP Restaurant
weblocked
ScreenCrack
web
Toxic
Toxic: abuse unsafe deserialization to cross the trust boundary and reach the flag.
web
Feedback Flux
Feedback Flux: use the client-side injection path to steal the needed proof and recover the flag.