Daryx Writeups - Capture The Flag Solutions

UVT CTF - Seas Side Contraband

2026-02-27

Web

/

HTTP Smuggling

/

SSRF

/

Request Smuggling

/

TE.CL

/

CTF

TE.CL HTTP Request Smuggling to bypass 403, chained with SSRF to scan internal network and discover hidden file server containing the flag

923 words

|

5 minutes

BearCatCTF 2026 - Sea Shells

2026-02-22

Web

/

RCE

/

React

/

Next.js

/

CVE

/

Deserialization

/

CTF

Exploiting CVE-2025-55182 (React2Shell) — a critical insecure deserialization flaw in the React Server Components Flight protocol leading to unauthenticated RCE

796 words

|

4 minutes

UniverCTF 2025 - SilentSnow

2025-12-19

CTF Writeups

Web

/

WordPress

/

Privilege Escalation

/

UniverCTF

WordPress arbitrary options update leading to admin takeover and RCE

399 words

|

2 minutes

Jeanne Hack RPG - Level III

2025-02-02

Reverse Engineering

/

Binary Analysis

/

CTF

/

Jeanne Hack

Reverse engineering a dungeon crawler game plugin to extract flag from state machine table

725 words

|

4 minutes

CVE-2025-55182: ReactOOPS

2025-01-30

CVE Analysis

RCE

/

Deserialization

/

React

/

CVE

Critical RCE in Next.js 16.0.6 via React Server Components Flight payload deserialization

591 words

|

3 minutes

Magical Palindrome

2025-01-28

HackTheBox

Web

/

Type Coercion

/

JavaScript

JavaScript Type Coercion exploit to bypass palindrome validation with minimal payload

531 words

|

3 minutes

Calculator

2025-01-25

NextHunt CTF

Web

/

SSJI

/

RCE

Server-Side JavaScript Injection via template literals to bypass keyword filters

176 words

|

1 minute

GhostNote

2025-01-25

NextHunt CTF

PWN

/

Heap

/

UAF

Heap UAF to tcache poisoning for arbitrary write

461 words

|

2 minutes

Categories

Offensive Security

Defensive Security

CTF Writeups

Research