> CTF's

22 stycznia, 2026
[CTF][C:CCE][#4] – Megaclinic CTF: Stored XSS leading to Admin Session Hijacking
cookieCybersecurityExploitsJavaScriptsession hijackingXSS
Executive Summary This report details the exploitation of a Stored Cross-Site Scripting (XSS) vulnerability in the Megaclinic Patient Panel. The vulnerability existed within the appointment scheduling...
15 stycznia, 2026
[CTF][C:CCE][#3] - User Enumeration & Weak Credentials on MegaBlog
burp suitehydraPHPWordPress
Executive Summary During the assessment of the megablog.cbr staging environment, two primary vulnerabilities were chained to gain unauthorized access. First, the application configuration allowed for...
13 grudnia, 2025
[CTF][C:CCE][#2] - Megablog CTF: From DNS Issues to Database Takeover
CMSCybersecurityExploitsWordPress
Sometimes the hardest part of a CTF isn’t the exploit itself, but just getting the target to talk to you. After solving the initial connectivity puzzle, I faced a WordPress instance that seemed secure—until...
13 grudnia, 2025
[CTF][C:CCE][#1] - Horyzont CTF: How I Conquered Backdrop CMS (And Why 404 Isn't the End)
CMSCybersecurityExploitsFTPPHP
In the world of pentesting and CTFs, it’s easy to fall into the „script kiddie” trap: you download an exploit, run it, and expect a shell. But what happens when the tool fails? What do...
15 października, 2025
[CTF][HTB][#2] - Web Enumeration
In this post I’ll describe how I solved a web enumeration CTF challenge. I used several basic scanning and web-application analysis techniques to ultimately retrieve the flag. 1. Basic server reconnaissance I...