Rating: 5.0

# Watermelon Writeup

- **Category:** Web
- **Points:** 120
- **Difficulty:** Easy

## Challenge Description

All love for Watermelons ???
Note: the code provided is without jailing; please keep that in mind when writing exploits.

## Challenge Files


## Steps Taken

#### 1. **Registration and Login**

I navigated to `/register` and registered a user.


Next, I logged in with the newly created username and copied the session cookie from the response.


#### 2. **Exploration and Exploitation**

Upon analysis, I found that the admin password is stored in `app/app.py`, and I identified a path traversal vulnerability in `/upload`.


The files are stored in `/file/1`. Initially, Burp Suite didn't reveal much, so I used `curl` to retrieve the `app.py` file. As a result, I successfully obtained the admin password.


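The root cause here is an upload/file handler that trusts the stored file name when building a filesystem path. The following is an added defensive illustration, not code from the challenge or the original writeup: a hypothetical storage root and constructed file names show how a handler should resolve a name and refuse anything that lands outside its directory.

```python
import os

# Hypothetical storage root for uploaded files (the challenge's real layout is not shown).
UPLOAD_ROOT = "/watermelon_demo_root/uploads"


def naive_upload_path(name: str, root: str = UPLOAD_ROOT) -> str:
    """The classic defect: joining a user-controlled name straight onto the root.
    os.path.join drops the root entirely if the name is absolute and keeps '..' components."""
    return os.path.join(root, name)


def resolve_upload(name: str, root: str = UPLOAD_ROOT):
    """Map a user-supplied file name to a path under root, or return None if it escapes.

    The comparison is made on fully normalised (realpath) forms, so '..' components,
    absolute names and symlinks inside the root are all accounted for first.
    """
    if not name or "\x00" in name:
        return None  # empty names and NUL bytes never denote a legitimate upload
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, name))
    # Both paths are absolute, so commonpath cannot raise. A candidate equal to the
    # root is the directory itself, not a file, and is rejected as well.
    if candidate == root_real or os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


def audit(names, root: str = UPLOAD_ROOT) -> dict:
    """Return {name: accepted?} for a batch of names; handy as a regression test for the handler."""
    return {n: resolve_upload(n, root) is not None for n in names}


if __name__ == "__main__":
    # Constructed sample names: one benign, one benign-after-normalisation, the rest must be rejected.
    samples = ["report.txt", "sub/../report.txt", "../../app/app.py", "/etc/passwd", "a\x00b", ""]
    for n, ok in audit(samples).items():
        print(f"{n!r:22} -> {'served' if ok else 'rejected'} (naive join: {naive_upload_path(n)!r})")
```

Flask/Werkzeug ship a `safe_join` helper for the same purpose; the point of the hand-rolled version is to make visible what such a helper has to check.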


#### 3. **Gaining Access**

I logged in with the admin credentials and copied the resulting session cookie.


#### 4. **Flag Retrieval**

Finally, I sent a GET request to `/admin`, pasted the session cookie, and successfully retrieved the flag.


Original writeup (https://github.com/hanzalaghayasabbasi/BlackHat-MEA-2024-Qualifiers-Write-Ups/blob/main/Watermelon.md).