Web

Gunship: identify the broken request handling, prove control, and use it to recover the flag.

Jscalc: use path traversal to escape the intended read path and recover the flag.

Juggling facts: identify the broken request handling, prove control, and use it to recover the flag.

KORP Terminal: exploit the SQL injection, extract the needed data, and reach the flag.

Neonify: identify the broken request handling, prove control, and use it to recover the flag.

PetPet Rcbee: abuse file-upload to cross the web trust boundary and recover the flag.

Phonebook: identify the broken request handling, prove control, and use it to recover the flag.

Prying Eyes: use path traversal to escape the intended read path and recover the flag.

SpookTastic: use the client-side injection path to steal the needed proof and recover the flag.

TimeKORP: use path traversal to escape the intended read path and recover the flag.

Toxic: abuse unsafe deserialization to cross the trust boundary and reach the flag.

Trapped Source: identify the broken request handling, prove control, and use it to recover the flag.

Weather App: use SSRF to reach the hidden service or file path and pull the flag.

Feedback Flux: use the client-side injection path to steal the needed proof and recover the flag.

SQHell: exploit the SQL injection, extract the needed data, and reach the flag.