Introduction XPath (XML Path Language) injections pose a significant threat to web applications that use XML databases. Similar to SQL injection attacks, XPath injections involve manipulating XPat...
Notes | Web | Flask
Cookies The default session cookie name is “session”. Flask-unsign A command-line tool to fetch, decode, brute-force and craft session cookies of a Flask application by guessing secret keys. To insta...
Notes | Web | JWT
Introduction JSON Web Tokens (JWTs) have become a standard for transmitting cryptographically signed JSON data between systems. Primarily used for authentication, session handling, and access cont...
CTFs | AmateursCTF2023 | Web | Waiting an Eternity
Statement Resolution On the home page, there is just this message. Nothing else. In the response of the main page, there is a “refresh” header with a URL inside. On this new page, there i...
CTFs | AmateursCTF2023 | Web | Funny Factorials
Statement Website Here is the main page. We can calculate the factorial of a number (example 3). We can change the theme of the page for cold or warm. Note that the theme is a URL para...
CTFs | 404CTF2023 | Pwn | Cache-cache le retour
Context We have to get the content of the file salle_au_tresor. Resolution Functions Here are the functions in the executable. I renamed some to better understand the program. Main Here i...
CTFs | 404CTF2023 | Pwn | Un tour de magie
Context We are given the file tour-de-magie.zip. Inside it, there is the main.wasm file, which is a WebAssembly file. A WebAssembly (Wasm) file is a binary format designed for efficient and safe...
CTFs | 404CTF2023 | Pwn | La Cohue
Context We are given this code: void choices(void) { bool bVar1; bool bVar2; int has_choose; long in_FS_OFFSET; int choice; char local_58 [72]; long local_10; local_10 = *(l...
CTFs | 404CTF2023 | Pwn | L'Alchimiste
Context We connect to netcat to know more: We can: Buy a strength elixir. drink a strength elixir. Talk to the alchemist. show stats. get the key. get out. If we try to get th...
CTFs | 404CTF2023 | Reverse | L'Inspiration en images
Context We are given an executable that creates a painting. Here is the painting: On the screen, we only see the bottom right of the painting. In fact the painting is entirely black. We can ...