Attack-Defense CTF training developed by members of the dtl and Pudge Fun Club teams.

| Service | Language | Vulns | Authors |
|---|---|---|---|
| bimba | Java | JWT key leak via XXE in docx | @Demura |
| FileStorage | Python | SQL injection in change() in db.py; LFI to RCE in /upload; IDOR in /getfile?id={any id}; logic vuln in /register (you can overwrite a user) | @Sonya_nyaaa, @Marcusov |
| magazinchik | C++ | Buffer overflow in add_user, password reset in /forgot | @ash |
| rce-as-a-service | Rust | Password leak via wasip2 socket API | @LeKSuS |
| shpagodrach | C | Flag leak via format string, RCE via null-termination error and vtable overwrite | @azod002, @SEVA |
