darkmarket-vuln-lab

🕶️ Dark Market Simulator An intentionally vulnerable CTF-...

CVE-2025-59932

Flag Forge is a Capture The Flag CTF platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the...

CVE-2025-59833

Flag Forge is a Capture The Flag CTF platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET /api/problems/:id returns challenge hints in plaintext within the question object, regardless of whether the user has unlocked them via point deduction. Users can view all hints for free,...

GZ::CTF 安全漏洞

GZ::CTF is an open source CTF platform based on ASP.NET Core by GZTime Individual Developers. A security vulnerability exists in GZ::CTF versions prior to 0.20.1, which originates from a cross-site scripting attack that can be performed by an unprivileged user on other users by constructing a...

Hack Battle at 'The Hacker Conference 2013' with CTF365

The Hacker Conference partnered up with CTF365 to provide the best CTF experience during the conference. While trying to find out more about their product and also about their CTF surprise, I got an interview with Marius Corici Co-founder and CEO for CTF365. Q: November 2012 was when you first...