Broken Access Control
Mountain West Cyber Challenge Broken Access Control Challenge
Challenge description:
You are John, a student at the school. There is a flag hidden somewhere in the website. You might need to gain access to admin privileges for the information you seek. Here are your credentials for the website: username: John password: johndoe123
Hm, let's try something before we log in. In the browser we can see that we're at https://dockeridgohere.challenge.hackazon.org/login. What if we went to https://doesanyonereadthese.challenge.hackazon.org/admin?
Holy shit that actually worked.
FLAG: CTF{5468697365626f6f6b6973666f727468}
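Why that worked, as an added example rather than the challenge's actual code: the admin page was served without any server-side check of who was asking. The sketch below puts a handler with that gap beside one that checks session and role on every request and denies by default; the routes, roles, session ids and function names are all assumptions made up for illustration.

```python
from typing import Optional, Tuple

# Constructed data: server-side session store (session id -> user record).
SESSIONS = {
    "sid-john": {"user": "John", "role": "student"},
    "sid-root": {"user": "admin", "role": "admin"},
}
# Hypothetical pages; "/export" deliberately has no policy entry below.
PAGES = {
    "/login": "login form",
    "/grades": "your grades",
    "/admin": "admin panel",
    "/export": "data export",
}

def handle_vulnerable(path: str, sid: Optional[str]) -> Tuple[int, str]:
    """Serves every known page; the login form is the only 'protection'."""
    if path in PAGES:
        return 200, PAGES[path]
    return 404, "not found"

PUBLIC = frozenset({"*"})  # marker for pages that need no session
POLICY = {
    "/login": PUBLIC,
    "/grades": frozenset({"student", "admin"}),
    "/admin": frozenset({"admin"}),
}

def handle_hardened(path: str, sid: Optional[str]) -> Tuple[int, str]:
    """Checks the session and role on every request, denying by default."""
    if path not in PAGES:
        return 404, "not found"
    allowed = POLICY.get(path)  # None: route has no policy, so nobody gets in
    if allowed is PUBLIC:
        return 200, PAGES[path]
    user = SESSIONS.get(sid) if sid else None
    if user is None:
        return 401, "login required"
    if allowed is None or user["role"] not in allowed:
        return 403, "forbidden"
    return 200, PAGES[path]

if __name__ == "__main__":
    for sid in (None, "sid-john", "sid-root"):
        print(sid, handle_vulnerable("/admin", sid), handle_hardened("/admin", sid))
```

The "/export" page has no policy entry, so the hardened handler refuses it even for the admin role: a route someone forgets to protect fails closed instead of open.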
This post is licensed under CC BY 4.0 by the author.