Do you want to challenge your vulnerability hunting skills? We created these CTF challenges to allow you to do exactly that, while helping you to quickly learn CodeQL.
Our latest CTF is now closed. You can still try it to practice your CodeQL skills and to have fun!
CTF 4: CodeQL and chill - Find a pre-auth RCE in Netflix Titus.
Language: Java
Looking for a vulnerability hunting challenge? Then this Java CTF challenge is for you! You will hone your bug finding skills and also learn all about CodeQL's taint tracking features.
Your mission, should you choose to accept it, is to hunt for a recently identified vulnerability in a container management platform. The flaw enabled attackers to inject arbitrary Java EL expressions, leading to pre-auth Remote Code Execution (RCE).
Using CodeQL to track tainted data from a user-controlled bean property to a custom error message, you'll learn to fill in any gaps in the taint tracking to carve a full data flow path to the vulnerability.
You can still enjoy these past challenges to practice CodeQL, or just for fun!
If you want to learn more about writing CodeQL queries before getting started with these CTF challenges, you may find the following articles and documents useful:
If you find yourself stuck writing in the QL language or on any part of the CTF and would like some help, email us at ctf@github.com.