Midnight Flag Finals 2026 - Midnight Archive
2026-06-15
Dirty arbitrary file write to code execution via .pth and Werkzeug watchdog
Dirty arbitrary file write to code execution via .pth and Werkzeug watchdog
XSS to RCE via chromedriver
MitM into XSS
Bypassing path.extname to get RCE
Web - Medium - FirstBlood
Web - Medium
Some cool sqlis
Bypass authentication via jwt jku, then empty crypto wallet
Obtain access to the admin account, achieve code execution by dispatching weapons and retrieve the flag
Critical bug for Hack4Values and messing with jwts
Hacking pokemon with blind sql injection