Web

2 writeups

Canvas of Fear
Midnight Flag CTF 2026 · 2026 · Mar 15, 2026
Web

Stored XSS → localhost admin → heap underflow in a native canvas manager → libc leak → arbitrary R/W → libc ROP → flag. A full web-to-pwn chain.

#xss #heap #glibc-2.34 #ROP
hard
Secure Gate Writeup
TKB CTF · 2025
Web

I made a simple note app protected by a secure gateway.

#web