<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Alessio Maddaluno</title>
    <link>//localhost:1313/</link>
    <description>Recent content on Alessio Maddaluno</description>
    <generator>Hugo</generator>
    <language>en-us</language>
    <copyright>© 2026 AM</copyright>
    <lastBuildDate>Wed, 22 Oct 2025 21:19:07 +0200</lastBuildDate>
    <atom:link href="//localhost:1313/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>247ctf Forgotten File Pointer</title>
      <link>//localhost:1313/posts/ctf/247ctf-forgotten-file-pointer/</link>
      <pubDate>Wed, 22 Oct 2025 21:19:07 +0200</pubDate>
      <guid>//localhost:1313/posts/ctf/247ctf-forgotten-file-pointer/</guid>
      <description>Forgotten File Pointer - WEB Platform: 247ctf Difficoltà: Moderate (Relativo alla piattaforma) Link: https://247ctf.com/ Descrizione We have opened the flag, but forgot to read and print it. Can you access it anyway? In questa challenge ci viene fornito un endpoint che mostra il codice della pagina stessa e ci viene chiesto di recuperare la flag che si trova in un file.&#xA;&amp;lt;?php $fp = fopen(&amp;#34;/tmp/flag.txt&amp;#34;, &amp;#34;r&amp;#34;); if($_SERVER[&amp;#39;REQUEST_METHOD&amp;#39;] === &amp;#39;GET&amp;#39; &amp;amp;&amp;amp; isset($_GET[&amp;#39;include&amp;#39;]) &amp;amp;&amp;amp; strlen($_GET[&amp;#39;include&amp;#39;]) &amp;lt;= 10) { include($_GET[&amp;#39;include&amp;#39;]); } fclose($fp); echo highlight_file(__FILE__, true); ?</description>
    </item>
    <item>
      <title>247ctf Compare the Pair</title>
      <link>//localhost:1313/posts/ctf/247ctf-compare-the-pair/</link>
      <pubDate>Sun, 19 Oct 2025 23:44:44 +0200</pubDate>
      <guid>//localhost:1313/posts/ctf/247ctf-compare-the-pair/</guid>
      <description>Compare The Pair - WEB Platform: 247ctf Difficoltà: Moderate (Relativo alla piattaforma) Link: https://247ctf.com/ Descrizione Can you identify a way to bypass our login logic? MD5 is supposed to be a one-way function right? In questa CTF ci viene fornito un endpoint in cui viene mostrato il codice sorgente della pagina stessa. Il nostro obiettivo è bypassare la logica di login:&#xA;&amp;lt;?php require_once(&amp;#39;flag.php&amp;#39;); $password_hash = &amp;#34;0e902564435691274142490923013038&amp;#34;; $salt = &amp;#34;f789bbc328a3d1a3&amp;#34;; if(isset($_GET[&amp;#39;password&amp;#39;]) &amp;amp;&amp;amp; md5($salt .</description>
    </item>
    <item>
      <title>Search</title>
      <link>//localhost:1313/search/</link>
      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
      <guid>//localhost:1313/search/</guid>
      <description></description>
    </item>
  </channel>
</rss>
