https://hussienmisbah.github.io/categories/code-review/ Recent content in Code Review on 0xMesbaha Hugo en Wed, 28 May 2025 12:49:18 +0200 https://hussienmisbah.github.io/posts/code-review/2025-05-29-jdbcleak-egcert-finals/ Wed, 28 May 2025 12:49:18 +0200 https://hussienmisbah.github.io/posts/code-review/2025-05-29-jdbcleak-egcert-finals/ <p><em>JDBCLeak Leak was a challenge introducted in EGCERT CTF Finals 2025 under the category R&amp;D , tbh i didn&rsquo;t even look at the challenge during CTF Time , didn&rsquo;t expect this category to introduce such good example of a real case code review challenge , however after reading the author&rsquo;s blog <a href="https://bitthebyte.medium.com/here-is-what-you-missed-during-the-egcert-ctf-2025-finals-927297143d9a" target="_blank" rel="noopener noreffer ">here</a> about the category and challenge i thought of trying it myself and create a POC for it to get rce reading /flag.txt , we got 3rd place btw :&ldquo;D</em></p> https://hussienmisbah.github.io/posts/code-review/2024-05-06-wizerctf-may-2024/ Sun, 05 May 2024 12:49:18 +0200 https://hussienmisbah.github.io/posts/code-review/2024-05-06-wizerctf-may-2024/ <p><em>Wizer CTF is an exciting game designed specifically for developers . It&rsquo;s all about putting your skills to the test and seeing if you can identify and exploit vulnerabilities while honing your secure coding abilities. The game kicks off with a snappy code snippet that comes with some tricky vulnerabilities. Your goal? Spot those vulnerabilities and figure out how to exploit them. The cool thing is that you don&rsquo;t have to rely on guesswork to know if you&rsquo;ve got it right. You can actually execute your payload right there on the game page. If you manage to successfully exploit the vulnerabilities, you&rsquo;ll earn yourself a flag and a well-deserved spot on leaderboard , The main focus area is web exploitation and the ctf event is held every quarter , this writeup discusses 5 challenges out of 6.</em></p>