
QnQSec CTF - s3cr3ct w3b revenge Writeup
Room / Challenge: s3cr3ct_w3b revenge (Web) Metadata Author: jameskaois CTF: QnQSec CTF 2025 Challenge: s3cr3ct_w3b revenge (web) Target / URL: http://161.97.155.116:8088/ Points: 50 Date: 20-10-2025 Goal We have to get the flag by leveraging XML viewer. My Solution Examine the source code, the source code is written in PHP however examine the Dockerfile, unlike s3cre3ct_web the DockerFile now is different: FROM php:8.2-apache RUN docker-php-ext-install pdo pdo_mysql RUN a2enmod rewrite COPY public/ /var/www/html/ RUN mkdir -p /var/flags && chown www-data:www-data /var/flags COPY flag.txt /var/flags/flag.txt WORKDIR /var/www/html/ EXPOSE 80 The flag.txt file is copied to /var/flags/flag.txt so we cannot access it like the s3cre3ct_web challenge anymore. ...
