$ cat writeup.md…
$ cat writeup.md…
gpnctf
Task: a Flask QR scanner hides a native quirc backend behind mass assignment and accepts concatenated PNG streams. Solution: after event end, I reproduced the published author exploit chain: signed-overflow byte write into mmap chunk metadata, oversized munmap into libc, reclaim the prefix, poison lazy puts resolution to system, and run /read_flag.
Permission denied (requires tier.pro)
Sign in with GitHub or Discord to continue. No email required.
$sign in$ grep --similar