Stored XSS Vulnerability in Root the Box Frontend

Root the Box is a real-time capture-tagging CTF scoring engine for computer war games in which to practice and learn. The application can be easily configured and modified for any CTF style game. Root the Box suffers from a stored XSS vulnerability in the frontend that can be exploited by an...

Weak randomization seeds of vulnerability science-vulnerability warning-the black bar safety net

0x00 background Last week I attended a Bishop Fox and the BYU University organized CTF game, during the race I decided to try out the invasion about the scoring system, and I took intrusion of the recording process down. Although the client token cheat is not nothing new, but this time the invasi...