Tags: web 

Rating:

#### Computeration (web, 14 solves, 333 points)
>Can you get admin's note? I heard the website runs >only on client-side so should be secure...
>
>https://computeration.web.jctf.pro/
>
> If you find anything interesting give me call here: https://computeration.web.jctf.pro/report
>
>The flag is in the format: justCTF{[a-z_]+}.
>
>Happy hacking!!

#### Unintended solution
It was supposed to be a hard challenge but the original challenge had an unintended (but not unthought of) vulnerability that led to a trivial solution and hence revealign a huge hint towards the intended solution. It was solved by 103 teams. The reason behind the vulnerability was a typo I made in the response headers and which was:

```HTTP
Referrer-policy: no-referer
```

Can you spot the typo? I typed `no-referer` instead of `no-referrer` which resulted in `unsafe-url` being set. Because of which, any URL sent through the form would leak the secret endpoint to admin's "login page" :face_palm:.

![](https://i.imgur.com/xDFRqHo.png)

By sending the URL from the referer one can see:

![](https://i.imgur.com/8ESPDSS.png)

Indeed, the flag was **justCTF{cross_origin_timing_lol}**

Original writeup (https://hackmd.io/@terjanq/justCTF2020-writeups#Computeration-web-14-solves-333-points).