: Perfil; Puntuación; CTF all the day; Statistiques; Contacto

PhoeniX

1092

Posición

5495

Puntos

220

Premium Retos

17

Compromissions

55%

Aplicación - Guión

390 Points
18 / 33

2%

Aplicación - Sistema

15 Points
2 / 93

16%

Cracking

225 Points
11 / 70

25%

Criptoanálisis

225 Points
19 / 75

70%

Forense

935 Points
31 / 44

31%

Programación

185 Points
9 / 29

35%

Realista

830 Points
21 / 60

41%

Red

200 Points
14 / 34

33%

Web - Cliente

300 Points
14 / 42

74%

Web - Servidor

2045 Points
71 / 96

o HTML - Source code
o HTTP - IP restriction bypass
o HTTP - Open redirect
o HTTP - User-agent
o Weak password
o PHP - Command injection
o API - Broken Access
o Backup file
o HTTP - Directory indexing
o HTTP - Headers
o HTTP - POST
o HTTP - Improper redirect
o HTTP - Verb tampering
o Install files
o Nginx - Alias Misconfiguration
x Nginx - Root Location Misconfiguration
o API - Mass Assignment
o CRLF
o File upload - Double extensions
o File upload - MIME type
o Flask - Unsecure session
o GraphQL - Introspection
o HTTP - Cookies
o Insecure Code Management
o JWT - Introduction
o XSS - Server Side
o Directory traversal
o File upload - Null byte
o JWT - Revoked token
o JWT - Weak secret
x JWT - Unsecure File Signature
o PHP - assert()
o PHP - Apache configuration
o PHP - Filters
o PHP - register globals
x PHP - Remote Xdebug
o Python - Server-side Template Injection Introduction
o File upload - ZIP
x Flask - Development server
x GraphQL - Injection
o Command injection - Filter bypass
o Java - Server-side Template Injection
o JWT - Public key
x JWT - Header Injection
o Local File Inclusion
o Local File Inclusion - Double encoding
x Nginx - SSRF Misconfiguration
o Node - Eval
o PHP - Loose Comparison
o PHP - preg_replace()
o PHP - type juggling
o Remote File Inclusion
o SQL injection - Authentication
o SQL injection - Authentication - GBK
o SQL injection - String
o XSLT - Code execution
x Elixir - EEx
x JWT - Unsecure Key Handling
o LDAP injection - Authentication
x Node - Serialize
o NoSQL injection - Authentication
o PHP - Path Truncation
o PHP - Serialization
o SQL injection - Numeric
o SQL Injection - Routed
o SQL Truncation
o XML External Entity
o XPath injection - Authentication
x Yaml - Deserialization
x API - Broken Access 2
x GraphQL - Backend injection
x GraphQL - Mutation
x Java - Spring Boot
o Local File Inclusion - Wrappers
o PHP - Eval
x PHP - Eval - Advanced filters bypass
o SQL injection - Error
o SQL injection - Insert
o SQL injection - File reading
o XPath injection - String
x File upload - Polyglot
x NodeJS - Prototype Pollution Bypass
o NoSQL injection - Blind
o SQL injection - Time based
x Java - Custom gadget deserialization
x NodeJS - vm escape
x Server Side Request Forgery
o SQL injection - Blind
o LDAP injection - Blind
x PHP - Unserialize overflow
x PHP - Unserialize Pop Chain
x SQL Injection - Second Order
x Python - dotenv
o Python - Blind SSTI Filters Bypass
o XPath injection - Blind
o SQL injection - Filter bypass

PhoeniX

1092

5495

220

17

55% Aplicación - Guión

2% Aplicación - Sistema

16% Cracking

25% Criptoanálisis

70% Forense

31% Programación

35% Realista

41% Red

43% Esteganografía

33% Web - Cliente

74% Web - Servidor