# ctftime.org writeups - [Ez Bounty – K!nd4SUS CTF 2026](https://l1nuxkid.gitbook.io/l1nuxkid-docs/ctftime.org-writeups/ez-bounty-k-nd4sus-ctf-2026.md): This challenge involves a web app where the admin bot visits a user-controlled URL with a flag stored in a non-httpOnly cookie. The goal is to exfiltrate the flag cookie by triggering Stored XSS - [SpotiVibe 1 - K!nd4SUS CTF 2026](https://l1nuxkid.gitbook.io/l1nuxkid-docs/ctftime.org-writeups/spotivibe-1-k-nd4sus-ctf-2026.md): "Now that Spotify has made their app uncrackable I decided to build my own personal version with the help of good old AI. It's all so fantastic!!!" - [Silent Oracle - 0xV01D CTF 2026](https://l1nuxkid.gitbook.io/l1nuxkid-docs/ctftime.org-writeups/silent-oracle-0xv01d-ctf-2026.md): A quiet internal directory exposes only a small public surface. The useful answers are hidden behind how the service thinks about people and roles. - [Beta app - Hackअस्त्र 2026](https://l1nuxkid.gitbook.io/l1nuxkid-docs/ctftime.org-writeups/beta-app-hack-2026.md): The challenge simulates a real-world AWS Cognito Identity Pool misconfiguration found in mobile apps. By reading the page source, extracting AWS config, and abusing the lack of trust conditions on the - [SWAG — Hackअस्त्र 2026](https://l1nuxkid.gitbook.io/l1nuxkid-docs/ctftime.org-writeups/swag-hack-2026.md) - [Mission Control - Hackअस्त्र 2026](https://l1nuxkid.gitbook.io/l1nuxkid-docs/ctftime.org-writeups/mission-control-hack-2026.md) - [XSS in API via Content-Type Misconfiguration](https://l1nuxkid.gitbook.io/l1nuxkid-docs/ctftime.org-writeups/xss-in-api-via-content-type-misconfiguration.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://l1nuxkid.gitbook.io/l1nuxkid-docs/ctftime.org-writeups.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.