Php :: X3ric Blog

Php :: X3ric Bloghttps://x3ric.com/blog/tags/php/CTF notes, systems work, and writeups.Hugoen-usSat, 06 Jun 2026 21:41:13 +0200HackTheBox Phoenix Pipeline Challengehttps://x3ric.com/blog/posts/HackTheBox-Phoenix-Pipeline-Challenge/https://x3ric.com/blog/posts/HackTheBox-Phoenix-Pipeline-Challenge/Sat, 06 Jun 2026 00:00:00 +0200challengehtbcodephpEnter the challenge flag to unlock this writeup.HackTheBox Letter Dispair Challengehttps://x3ric.com/blog/posts/HackTheBox-Letter-Dispair-Challenge/https://x3ric.com/blog/posts/HackTheBox-Letter-Dispair-Challenge/Fri, 28 Feb 2025 00:20:00 +0800challengehtbwebrcephpcve-2016-10045Letter Dispair: find the command execution path, trigger it cleanly, and read the flag.HackTheBox Console Challengehttps://x3ric.com/blog/posts/HackTheBox-Console-Challenge/https://x3ric.com/blog/posts/HackTheBox-Console-Challenge/Sun, 16 Feb 2025 00:20:00 +0800challengehtbwebphpConsole: abuse php to cross the web trust boundary and recover the flag.HackTheBox Interstellar Challengehttps://x3ric.com/blog/posts/HackTheBox-Interstellar-Challenge/https://x3ric.com/blog/posts/HackTheBox-Interstellar-Challenge/Fri, 24 Jan 2025 00:20:00 +0800challengehtbwebsql-injectionssrfrcephpEnter the challenge flag to unlock this writeup.HackTheBox Insomnia Challengehttps://x3ric.com/blog/posts/HackTheBox-Insomnia-Challenge/https://x3ric.com/blog/posts/HackTheBox-Insomnia-Challenge/Thu, 12 Dec 2024 09:20:00 +0800challengehtbwebphpEnter the challenge flag to unlock this writeup.HackTheBox PDFy Challengehttps://x3ric.com/blog/posts/HackTheBox-PDFy-Challenge/https://x3ric.com/blog/posts/HackTheBox-PDFy-Challenge/Thu, 12 Dec 2024 09:20:00 +0800challengehtbwebphpEnter the challenge flag to unlock this writeup.HackTheBox POP Restaurant Challengehttps://x3ric.com/blog/posts/HackTheBox-POP-Restaurant-Challenge/https://x3ric.com/blog/posts/HackTheBox-POP-Restaurant-Challenge/Thu, 12 Dec 2024 09:20:00 +0800challengehtbwebphpEnter the challenge flag to unlock this writeup.HackTheBox ScreenCrack Challengehttps://x3ric.com/blog/posts/HackTheBox-ScreenCrack-Challenge/https://x3ric.com/blog/posts/HackTheBox-ScreenCrack-Challenge/Tue, 03 Dec 2024 09:20:00 +0800challengehtbwebssrfrcephpEnter the challenge flag to unlock this writeup.HackTheBox Toxic Challengehttps://x3ric.com/blog/posts/HackTheBox-Toxic-Challenge/https://x3ric.com/blog/posts/HackTheBox-Toxic-Challenge/Sat, 30 Nov 2024 09:20:00 +0800challengehtbwebdeserializationrcephpToxic: abuse unsafe deserialization to cross the trust boundary and reach the flag.HackTheBox Feedback Flux Challengehttps://x3ric.com/blog/posts/HackTheBox-Feedback-Flux-Challenge/https://x3ric.com/blog/posts/HackTheBox-Feedback-Flux-Challenge/Sat, 02 Nov 2024 09:20:00 +0800challengehtbwebxssphpFeedback Flux: use the client-side injection path to steal the needed proof and recover the flag.