· Web
Hack The Box – ExpressionalRebel
CSP evaluator SSRF via localhost blacklist bypass, then time-based regex (ReDoS) exfiltration against a secret validation endpoint to recover the flag.
Abusing NaN behavior in Python JSON handling to bypass score validation and instantly claim the flag.
Web Exploitation Writeup (SSRF + SQLi bypass to leak internal admin secrets)
glibc 2.23 heap exploitation with an off-by-one overflow, unsorted-bin leaks, fastbin manipulation, stack chunk placement, and __free_hook → system.