<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Cbc-R on CyberSecurity Elite</title><link>https://cybersecurityelite.com/tags/cbc-r/</link><description>Recent content in Cbc-R on CyberSecurity Elite</description><image><title>CyberSecurity Elite</title><url>https://cybersecurityelite.com/images/og-default.png</url><link>https://cybersecurityelite.com/images/og-default.png</link></image><generator>Hugo</generator><language>en-us</language><lastBuildDate>Thu, 09 Jul 2026 17:08:58 +0200</lastBuildDate><atom:link href="https://cybersecurityelite.com/tags/cbc-r/index.xml" rel="self" type="application/rss+xml"/><item><title>LYKNCTF 2026 Web Writeup: 10 Challenges Solved (Padding Oracle, JWT alg:none, SSRF+SSTI, PHP .php5, SQLi RCE)</title><link>https://cybersecurityelite.com/ctf-writeups/lyknctf-2026-web-writeup/</link><pubDate>Thu, 09 Jul 2026 14:15:00 +0000</pubDate><guid>https://cybersecurityelite.com/ctf-writeups/lyknctf-2026-web-writeup/</guid><description>Step-by-step LYKNCTF 2026 web-track writeup — ten challenges covering HTTP 302 body leaks, WebSocket race, nginx case-sensitivity bypass, AES-CBC padding oracle (CBC-R), 4-digit OTP brute + SQLi RCE + SUID csvtool, client-side API key leak, Flask debug source disclosure, JWT alg:none forge, PHP short-tag .php5 RCE, and SSRF into HMAC-invite forge into Jinja2 SSTI.</description></item></channel></rss>