Local File Inclusion

Nullcon HackIM CTF Goa 2026 – Flowt Theory

by

Category: Web / Misc Difficulty: Easy/Medium 1. Challenge Overview The challenge presented a “BillSplitter Lite” web application. The application allows users to input names and expense amounts, which it then calculates to settle debts. The prompt mentioned an “administrative fee” of 0.01 that was somehow hidden in the “extremely advanced math” of the calculation. 2. … Read more

Nullcon HackIM CTF Goa 2026 – WordPress Static Site Generator

by

Category: Web Difficulty: Easy 1. Challenge Overview The challenge presents a web application designed to convert WordPress XML export files into static websites. The interface is simple: The goal is to read the /flag.txt file stored on the server. 2. Vulnerability Analysis My first step was to explore how the “Generate” feature works. I intercepted … Read more