Hungarian Cyber Security Challenge 2020
iDrive
· β˜• 4 min read · ✍️ M4t35Z
Union-Based SQL injection in a file download functionality leads to arbitrary file read

LaunchR
· β˜• 4 min read · ✍️ M4t35Z
IDOR discloses userid of other users. SSTI discloses SECRET_KEY which was same as the jwt secret. With this, I changed my userid to admin.

Secret Token
· β˜• 4 min read · ✍️ M4t35Z
URL parser regex whitelist bypass with \ (This challenge was based on a real bug in google's main library which was found by a hungarian researcher David SchΓΌtz)