# NeverLan CTF 2018: Das_blog

**Category:** Web Exploitation
**Points:** 200


>John made a new web site go check it out


## Write-up

In source of login.php we have login & password for dev account:

If we look at the cookies we will find this:

So, mabye we change it to admin?

Yes! After change and reload main site we have:
>You have ADMIN permissions

And our flag is:

Original writeup (https://github.com/Pwn-Collective/CTF-writeups/tree/master/NeverLan-CTF-2018-writeup/Interweb/Das_blog).