Math Solver
Automate solving 100 consecutive linear equations within a single HTTP session to unlock the flag.
Submit a withdrawal amount in scientific notation to exploit loose type parsing and credit 1 billion to your balance.
Identify and work around a Python variable shadowing bug where a function definition overwrites a string variable of the same name.
Boolean blind SQL injection on a login form to extract a password character by character using HEX comparison.
Automate extraction of 3000 nested zip files to retrieve the flag from the innermost archive.
Register, log in, notice the session_id cookie is a small integer. Brute-force integers upward from 30 until the admin session is hit and the flag appears.
Inject ' OR '1'='1 into both username and password fields to make the SQL query always true and grab the flag from the response.
PHP’s loose comparison treats an array as truthy against any string. Sending password[] as an array in the POST body bypasses the string comparison and grants access.
Filter a PCAP for TCP packets, decode each packet’s payload from hex, and concatenate them in order — the resulting byte stream contains the flag.
The app tracks clicks with an integer cookie. Skip the clicking by setting ‘cookies’ to 10000000 directly and request the page — the server trusts the cookie value and returns the flag.