Tags: cookie web 


# ▼▼▼Sweeeeeet(Web:50、174/696=25%)▼▼▼

This writeup is written by [**@kazkiti_ctf**](https://twitter.com/kazkiti_ctf)

Do you like sweets?
author: codacker


## 【Check】

GET / HTTP/1.1

HTTP/1.1 200 OK
Date: Thu, 04 Apr 2019 12:30:21 GMT
Server: Apache/2.4.25 (Debian)
X-Powered-By: PHP/7.3.3
Set-Cookie: UID=f899139df5e1059396431415e770c6dd; expires=Sat, 06-Apr-2019 12:30:21 GMT; Max-Age=172800
Vary: Accept-Encoding
Content-Length: 353
Connection: close
Content-Type: text/html; charset=UTF-8

<html lang="en">

<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">

<h2>Hey You, yes you!
are you looking for a flag, well it's not here bruh!
Try someplace else<h2>



Only here is suspicious.Seems to be MD5

`Set-Cookie: UID=f899139df5e1059396431415e770c6dd`

↓ Google search



## 【exploit】

Try to send MD5 from `0` to `101`

Only the following response was different


GET / HTTP/1.1
Cookie: UID=cfcd208495d565ef66e7dff9f98764da

`Set-Cookie: FLAG=encryptCTF%7B4lwa4y5_Ch3ck_7h3_c00ki3s%7D%0A`