Compared to last year and the year before, the difficulty of this year’s web challenges has significantly decreased, making them more approachable and beginner-friendly(It’s good to have both easy and difficult challenges). With the effort of my teammates, we managed to secure the first place, leaving only one web challenge unsolved.
This time, I only managed to solve the simple “funnylogin” and the challenging “safestlist” challenges. The rest were solved by my teammates. I also took a look at another challenge called “another-csp”. Therefore, this post will only cover the challenges I reviewed and the more difficult ones.
If you want to see other challenges, you can refer to other people’s writeups:
All challenge source code provided by the organizers can be found at: https://github.com/dicegang/dicectf-quals-2024-challenges
Keyword list:
- crash chromium
- slower css style
- xsleak
- URL length limit
- service worker
- background fetch
- connection pool + css injection
- iframe width + css injection