Bankroll CTF@CIT 2026

1. 1Identify the vulnerabilities in the provided source code by reviewing the docker-compose.yml file and mapping out the entire setup.
2. 2Use user fuzzing to gather information and potentially discover an information leak.
3. 3Exploit the information leak to obtain a password hash and then crack the password.
4. 4Use the cracked password to login and then exploit a stored XSS vulnerability to steal an admin cookie.
5. 5Utilize the stolen admin cookie to perform a Server-Side Request Forgery (SSRF) and gain access to the internal service.
6. 6Once access is gained, use SQL injection to extract the secret flag.

This challenge is suitable for a cybersecurity team, particularly those interested in web application security and penetration testing. It requires a deep understanding of various vulnerabilities and how to exploit them.

💡 Chaining multiple vulnerabilities together can lead to a successful exploit, even if individual vulnerabilities are not severe on their own.

Solve a multi-stage web challenge by chaining vulnerabilities together! #cybersecurity #webapplicationsecurity