Bob has since joined the CERT team and developed a nifty new site. Is there more than meets the eye?

I started by scanning "BoardLight," found a vulnerable web app, and used CVE-2023-30253 to gain initial access. I escalated privileges by using exposed database credentials, then exploited a SUID b...

Exploiting CVE-2023-4220 in the Chamilo LMS to gain remote code execution via an unauthenticated file upload. After initial access, the attack leverages a symlink attack on a vulnerable ACL script ...

A vulnerable web environment with flaws in Pluck CMS and Gitea, leading to information disclosure, RCE, and privilege escalation. Exploit weak hashes and uncover hidden data to gain control.

Welcome to the web application of U.A., the Superhero Academy.

Use your exploitation skills to bypass authentication mechanisms on a website and get RCE.