XOD
Description
The challenge give us an DNS over HTTPS server wrote on php:
<?php header("Content-Security-Policy: default-src 'self' 'unsafe-eval'; style-src 'unsafe-inline'"); if (!isset($_GET['dns']) || !is_string($_GET['dns'])) { …
2025-07-28192 words1 min
wwctf - Domain of Doom Revenge
Domain of Doom Revenge
Description
You’re querying domains, but some lead to dangerous places
The flag is hidden in an environment variable. Solve
They provided us with the source code of the web application.
Here, we can see a regular expression that attempts to sanitize the input, which is …
