[Dreamhack] simple_sql_chatgpt
Challenge Overview Challenge: simple_sql_chatgpt Platform: Dreamhack Category: Web — SQL injection Vulnerable Query The application constructs an SQL query using unsanitised user input: ...
Challenge Overview Challenge: XSS Filtering Bypass Platform: Dreamhack Category: Web — Cross-Site Scripting Source Code Analysis First, analyse the contents of index.html. {% extends "ba...
Overview The application provides a file upload feature with no restriction on file type or extension. Since uploaded files are stored in a web-accessible directory, a PHP file can be uploaded and...
File Upload Vulnerabilities Purpose: File upload functionality is one of the most common features in web applications — and one of the most dangerous when implemented carelessly. This note cove...
What is Privacy-Preserving Record Linkage? (PPRL) PPRL is a technique for matching records about the same individuals across different databases — without exposing their private data. How it wo...
Challenge Overview Challenge: baby xss Platform: Dreamhack Category: Web — Cross-Site Scripting Source Code Analysis Endpoints The application has the following routes: GET /music - Mus...