(Web) Tar Inspector [994 pts] Tar Inspector challenge is get the shell using RCE and read the flag Many people asked for a hint and the contest provided the code for the secure_filename() fun...

(Web) Baby SQLi [170 pts] Baby SQLi challenge is bypass of waf and using shell command. First, You can using .system/.shell/.sh command and execute shell command in SQLite3 // SQLite3 CLI sq...

(Web) babyxss [270 pts] The babyxss challenge is a simple XSS challenge disguised as DOMPurify Bypass. <?php require_once("secrets.php"); # This Challenge using newest version DomPurify..! Mayb...

(Web) Babier CSP [107 pts] The Babier CSP challenge is a simple CSP Bypass challenge. <script nonce=LRGWAXOY98Es0zz0QOVmag==> elem.onclick = () => { location = "/?name=" + encodeUR...