GitHunt
VI

vin-hacks/ClaraClassroom

The Clara S. Traversal's classroom is an intermediate level web security challenge (black box) where you will have to exploit both client-side and server-side vulnerability in order to change a student grade. Can you hack the class and get in? Access teacher only features? Do even more than the teacher can? Good luck!

ctfcybersecurityhackingjavascriptpythonvulnerabilitywebwebhackingwebsec

Clara S. Traversal's Classroom

This is supposed to be a black box challenge no source code review is necessary.

If you have any questions or want to get acces to hints you can add me on discord : vinhacks

The Clara S. Traversal's Classroom web security challenge is a challenge where you'll need to exploit a couple of web vulnerabilities in order to make Vincent's final grade over 90%.

  • Objective : Gain access to the class and find a way to change the user Vincent's final grade to be over 90%

  • Requirements : Python (3.10 or higher versions) installed nothing else.

  • Additional info: The teacher denies access to users every minute. Also I recommend not logging in to the teacher's account and logging out it will cause problems with the teacher.py script and is not needed for the challenge.

Warning: This is an intentionally vulnerable website. This code contains an RCE so make sure the website is not publicly accessible.

Startup

git clone https://github.com/vin-hacks/ClaraClassroom
cd ClaraClassroom
python3 server.py

In another shell

cd ClaraClassroom
python3 teacher.py

Then you should be able to access http://localhost:8081/ in your browser and begin hacking!

Note that this challenge was made so that no code review or enumeration is necessary.

The solution is in the SOLUTION.md file

Languages

Python57.7%HTML29.3%CSS13.0%

Contributors

VI
Created September 11, 2024
Updated August 27, 2025