Tags: web

Rating: 3.0

Below is the hint that was given with challenge description
HINT - Try looking past the typical vulnerabilities. Think about possible programming mistakes.

I was not going to post a write up for this but when I randomly saw other write up for this challenge. I realised that I solved this chall totally different way.
When I read the hint Access Control was the bug that I immediately thought of. So I went to challenge website and tried to guess what will be the resource path where user will be redirected to when logged in.
I tried
- http://2018shell1.picoctf.com:47150/user
- http://2018shell1.picoctf.com:47150/home
- http://2018shell1.picoctf.com:47150/profile

And guess what last one gave me the flag. I dont know if this was really intended bug but till now I was thinking that this is how it was supposed to be solved haha.

Peter QinApril 9, 2019, 12:46 p.m.

Love it,