Capture the Flag by SecurityBoat Jan 2024 Challenge!


This Capture the Flag (CTF) report covers two findings: a login bypass and an arbitrary file upload vulnerability.

  1. Navigate to this endpoint.
  2. Enter the login bypass payload “admin' or '1'='1- -- ” as shown in the screenshot below.
  3. Now go to the “Products” functionality and, after filling in all details, upload a PHP shell in the “Images” parameter.
  4. After the shell has been uploaded, call the shell with the “cat+/home/flag.txt” command.
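Step 3 works because the "Images" upload accepts a file the server will later execute. The following is an added example, not code from the challenge or from SecurityBoat, showing server-side checks that would reject such an upload. The function names, the allowlist and the size limit are assumptions, and the sample inputs in the test are constructed.

```python
import os
import secrets

# Assumed policy: allowlisted image extensions and their leading magic bytes.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 2 * 1024 * 1024  # assumed upload size limit


class UploadRejected(ValueError):
    """Raised when an upload fails validation."""


def safe_image_name(client_name: str, data: bytes) -> str:
    """Validate an uploaded image and return a server-generated storage name."""
    # Drop any directory part the client supplied (both separator styles).
    base = os.path.basename(client_name.replace("\\", "/"))
    if "\x00" in base:
        raise UploadRejected("NUL byte in filename")
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        raise UploadRejected(f"extension {ext!r} not allowed")
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match extension")
    # Magic bytes alone do not stop image/script polyglots. Execution is
    # prevented by never reusing the client's name: the stored name is random
    # and carries only the allowlisted extension. Store it in a directory the
    # web server serves as static content only.
    return secrets.token_hex(16) + ext


def verdict(client_name: str, data: bytes) -> str:
    """Return 'accepted' or 'rejected: <reason>' for one upload."""
    try:
        safe_image_name(client_name, data)
        return "accepted"
    except UploadRejected as exc:
        return f"rejected: {exc}"
```
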



Sandeep Vishwakarma

An Information Security Consultant specializing in WAPT, MAPT, NPT, WPT, and DFIR.