EditaCTF
Web Exploitation
Websites all around the world are programmed using various programming languages. While there are specific vulnerabilities in each programming langage that the developer should be aware of, there are issues fundamental to the internet that can show up regardless of the chosen language or framework.
Sometimes CTFs hide their flags within the source code of their site, maybe a hidden directory or even within the cookies.
Some vulnerabilities that often show up in CTFs as web security challenges where the user needs to exploit a bug to gain some kind of higher level privelege.
- SQL Injection
- Command Injection
- Directory Traversal
- Cross Site Request Forgery
- Cross Site Scripting
- Server Side Request Forgery
We well not cover all these in our CTF but if your interested in web exploitation, please do check our picoctf, overthewire natas, websecurity academy and many other places to learn more (links in our discord #resources channel). Web Exploitation CTFs are very usefull if you want to get into bug bounty or any web based security role. They teach you how the web and websites work and you learn how to crack them, inturn making the site more secure when you report the bugs, and you get bounties for finding bugs, sometimes in 1000s of dollars.