Tags: code analysis source warmup web 

**Description**

Welcome to the web!
https://charlotte-tlejfksioa-ul.a.run.app/

**Knowledge required:**
1) Basic understanding of HTML source code
2) Basic understanding of HTTP methods

**Solution:**

1) Pressing the button on the site does not lead anywhere.
2) Naturally, we look at the page source.
3) We spot a comment hinting at a `/src` directory:
```
<button onclick='start()'>click me for the flag</button>

```
4) Visiting that directory reveals source code that hints at another route, which returns the flag:
```
@app.route('/super-secret-route-nobody-will-guess', methods=['PUT'])
def flag():
    return open('flag').read()
```

5) Sending a PUT request to that route gives us the flag. (I did it with Burp Suite, as I was observing the site from there; it can be done with curl as well.)

```
wctf{y0u_h4v3_b33n_my_fr13nd___th4t_1n_1t53lf_1s_4_tr3m3nd0u5_th1ng}
```
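
Restricting a route to PUT, as the challenge source above does, is routing and not access control: a request with the wrong method is answered with 405 and an `Allow` header naming the accepted one. The added example below is not the challenge's code; it assumes Python's standard-library `http.server` in place of Flask, a constructed token and a placeholder secret, and compares that behaviour with a variant that also requires a bearer token.

```python
import hmac
import threading
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, HTTPServer

ROUTE = "/super-secret-route-nobody-will-guess"  # route name taken from the write-up
TOKEN = "constructed-demo-token"                 # constructed credential (assumption)
SECRET = b"placeholder-secret"                   # constructed stand-in for the flag file

class Handler(BaseHTTPRequestHandler):
    require_token = False  # False mirrors the challenge; True is the hardened variant

    def log_message(self, *args): pass  # keep the demo quiet

    def _reply(self, status, body=b"", allow=None):
        self.send_response(status)
        if allow:
            self.send_header("Allow", allow)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        # Wrong method on the known route: 405 plus Allow (Flask also answers a mismatch this way)
        known = self.path == ROUTE
        self._reply(405 if known else 404, allow="PUT" if known else None)

    def do_PUT(self):
        sent = self.headers.get("Authorization", "").encode()
        if self.path != ROUTE:
            return self._reply(404)
        if self.require_token and not hmac.compare_digest(sent, b"Bearer " + TOKEN.encode()):
            return self._reply(401)  # right method, but no valid credential
        self._reply(200, SECRET)

def probe(method, require_token=False, token=None):
    """Serve one request on a loopback port; return (status, Allow header)."""
    variant = type("Variant", (Handler,), {"require_token": require_token})
    server = HTTPServer(("127.0.0.1", 0), variant)  # port 0: any free port
    worker = threading.Thread(target=server.handle_request)
    worker.start()
    conn = HTTPConnection("127.0.0.1", server.server_address[1], timeout=5)
    conn.request(method, ROUTE, headers={"Authorization": f"Bearer {token}"} if token else {})
    resp = conn.getresponse()
    result = (resp.status, resp.getheader("Allow"))
    conn.close()
    worker.join()
    server.server_close()
    return result
```

`probe("GET")` shows the method being disclosed by the server itself, while `probe("PUT", require_token=True)` shows the same request refused once a credential check sits behind the route.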