Web
Writeup: Microsoft Axel - upCTF (Web) Paid Members Public
Overview GhostDrop is a Flask web application that lets users fetch files from URLs using the axel download accelerator and later download them. The app has two main endpoints: * POST /fetch - Takes a URL, runs axel to download the file into /app/files/ * GET /download/<path:filename>
Writeup: 0day on ipaddress - upCTF (Web) Paid Members Public
Overview The challenge provides a Flask web application that wraps an "nmap" scanning tool. Users supply an IP address (and optional port) via the /check endpoint, which gets passed into a shell command. The goal is to achieve command injection to read the flag file. Source Code Analysis
