UofTCTF 2026 – No Quotes 3
Difficulty: Hard but Fun 1. Challenge Overview We are given a Flask application that mimics a login portal. The goal is to access the internal /home route and read the flag using the /readflag binary. The Obstacles: 2. Vulnerability Analysis The WAF (No Quotes, No Periods) The WAF makes standard attacks impossible. The “Swallow” (SQL … Read more