Tag: web

nullcon HackIM 2020 - Solar Energy

solar-energy TLDR; Solr query injection, which led to file read. On the previous weekend I played the nullcon HackIM 2020 CTF. In the end our team managed to take 2nd place. There were a couple of interesting challenges, and one of them was a challenge involving Apache Solr, software which I don't have too much experience with. I heavily used Burp and the Hackvertor extension, which helped me with URL encoding (these '<@urlencode>' tags in the requests).

KipodAfterFree2019 Postman

PostMan [web, 70p, 12 solves] TLDR; simple XSS which was blocked by CSP. You needed to inject into the CSP header to get the XSS working. The application let users create posts with a title and an image. The image had to be passed in the form of a link. You could report a post to the admin, who would inspect it (typical XSS challenge). Right off the bat I found a simple XSS in the title field, <script>alert(1)</script>, but it was blocked due to the CSP header that the server set in the response: