web writeups
find web ctf writeups.
web writeups walk through how a player found and exploited a server-side vulnerability — SQL injection, XSS, SSRF, SSTI, LFI, IDOR, command injection, or deserialization. read them to see the recon path, the payload that worked, and why the intended bug was reachable.
search web writeups on ctftime
what web writeups cover
- SQL injection: error-based, blind boolean, and time-based writeups show how a single quote led to dumping the database or bypassing auth with ' OR 1=1--.
- XSS: reflected, stored, and DOM writeups show how unsanitized input became JavaScript execution and cookie/flag exfiltration.
- SSRF: writeups show how a server-side fetch was pointed at internal services (cloud metadata, Redis, localhost) to reach the flag.
- SSTI: template injection writeups trace {{7*7}} confirmation through to RCE via Jinja2 / Freemarker object traversal.
- LFI: path-traversal writeups show ../../../etc/passwd escalating to RCE via log poisoning or php:// wrappers.
- IDOR: writeups show predictable IDs in URLs or API calls exposing other users' resources.
- command injection: writeups show shell metacharacters (; && | $()) turning a ping or lookup form into code execution.