Rating: 3.5

## [Original/source writeup](https://bigpick.github.io/TodayILearned/articles/2020-10/b01lersbootcamp#find-that-data)

On the given site's URL, we see the following in the source code:

function login(username, password) {
if (username == "CLU" && password == "0222") {
window.location = "/maze";
} else window.location = "/";

Use that info to login. Once logged in, we get an interactive maze page.


So, the goal is to get to the bottom left. However, as you can see in the above GIF, that will be impossible, since the barrier never moves off the corner.

We can inspect the maze’s source code by inspecting the js/maze.js file. The file has a bunch of stuff that’s just needed to make the maze possible, but the important function to us is the following:

function check_data() {
if (x === 1 && y === maxRows) {
$.post("/mem", { token: $("#token").html() }).done(function(data) {
alert("Memory: " + data);

Basically, it says that if our x position is 1 (i.e the far left), and our y position is the max (i.e the bottom), it writes what we imagine is the flag out as an alert.

However, we can just cheese this by directly calling this function with these values hardcoded in the console in dev tools, via `check_data(x=1,y=maxRows)`.