This blog post will cover the creator’s perspective, challenge motives, and the write-up of the web challenge Phishtale from Business CTF 2022. The challenge involves exploiting an HTTP/2 Request Smuggling vulnerability and bypassing Twig Sandbox Policy for Server-Side Template Injection to gain RCE.
HTB business-ctf ctf web request-smuggling ssti http2 cve-2021-36740 cve-2022-23614 rce write-up