# Under Development

There is nothing obvious on the website so let's check the Source:

<html lang="en">
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Web App Home Page</title>
<div> This web app is still under development. </div>

A comment about cookies? Let's inspect the cookie:


So we have a session cookie:
The `%3D` is url encoded for `=` so this already looks a lot like base64, let's decode it and check.


So it says user. Let's change that to something more privileged like `admin`. Base64 encode `admin` and just insert in into your session cookie.
Refreshing the site now displays the flag:

Original writeup (https://github.com/ipv6-feet-under/WriteUps-S.H.E.L.L.CTF21/tree/main/Web%20Security/Under%20Development).