Blog | kudaliar's blog

2026

Nullcon HackIM CTF Goa 2026 - Meowy

Writeup for Meowy from Nullcon HackIM CTF 2026. A Web challenge involving Flask session forgery, SSRF, and Werkzeug PIN RCE.

k kudaliar
February 8, 2026
5 min read

writeup web flask ssrf werkzeug rce nullcon
Nullcon HackIM CTF Goa 2026 - Web 2 Doc 2

Writeup for Web 2 Doc 2 from Nullcon HackIM CTF 2026. A Web challenge involving WeasyPrint LFI via PDF attachments.

k kudaliar
February 8, 2026
3 min read

writeup web weasyprint lfi pdf-generation nullcon
Nullcon HackIM CTF Goa 2026 - WordPress Static Site Generator

Writeup for WordPress Static Site Generator from Nullcon HackIM CTF 2026. A Web challenge involving Pongo2 SSTI via Path Traversal.

k kudaliar
February 8, 2026
3 min read

writeup web pongo2 ssti path-traversal nullcon