#xss

1 writeup

Canvas of Fear
Midnight Flag CTF 2026 · 2026 · Mar 15, 2026
Web

Stored XSS → localhost admin → heap underflow in a native canvas manager → libc leak → arbitrary R/W → libc ROP → flag. A full web-to-pwn chain.

#xss #heap #glibc-2.34 #ROP
hard