I visited the page, which looked like this:
When I clicked on the button, it added or subtracted a value and showed how much I had won or lost.
Next I opened the developer tools, went to the Network tab and reloaded the website.
When I then clicked the button, I saw a request being sent to https://debt-simulator-login-backend.web.hsctf.com/yolo_0000000000001.
I opened this page and it showed me the response to that request.
The content of this response was a 'functions' parameter with a list that contained 'getPay',
'getCost' and 'getgetgetgetgetgetgetgetgetFlag'.
The last one seemed really suspicious to me.
Then I started Burp Suite, opened a new project and went to the first URL again.
When I now clicked the button, Burp intercepted the request and
I saw 'function=getPay' at the bottom of the request body.
After changing getPay to getgetgetgetgetgetgetgetgetFlag
I forwarded the request and went back to the website.
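The weakness the writeup exploits is a backend that lets the client choose which server-side function runs, with no authorization check beyond the function name itself, and that even advertises the privileged name in a response. The following is an added example, not code from the challenge or from the original post: a constructed stand-alone dispatcher that models the `function=` parameter. `dispatch_vulnerable` reproduces the pattern described above (any listed name is callable), and `dispatch_hardened` shows the usual fix: a public allowlist, with privileged handlers reachable only when the caller is actually authorized. The handler bodies, return values and the `authorized` flag are assumptions; the flag value is a placeholder.

```python
from urllib.parse import parse_qs

# Constructed stand-ins for the backend's handlers. The names follow the
# writeup; the return values are invented for this example.
def get_pay():
    return {"pay": 100}

def get_cost():
    return {"cost": 40}

def get_flag():
    return {"flag": "flag{placeholder-not-the-real-flag}"}  # placeholder value

# Every handler the server knows about, keyed by the name the client sends.
HANDLERS = {
    "getPay": get_pay,
    "getCost": get_cost,
    "getgetgetgetgetgetgetgetgetFlag": get_flag,
}

# Only these may be selected by an unauthenticated client.
PUBLIC_FUNCTIONS = {"getPay", "getCost"}


def _function_name(body: str) -> str:
    """Extract the 'function' field from a URL-encoded form body."""
    return parse_qs(body).get("function", [""])[0]


def dispatch_vulnerable(body: str):
    """Vulnerable pattern: the client-supplied name is the only gate.

    Anyone who learns the privileged name (here it was even listed in a
    response) can call it by editing one form field, exactly as in the writeup.
    Returns (status_code, payload).
    """
    handler = HANDLERS.get(_function_name(body))
    if handler is None:
        return 404, {"error": "unknown function"}
    return 200, handler()


def dispatch_hardened(body: str, authorized: bool = False):
    """Hardened pattern: authorization is decided server-side, not by the name.

    Unknown names are rejected, and names outside the public allowlist are
    served only when the caller has been authorized by some out-of-band means
    (a session check, for instance; modelled here by the `authorized` flag).
    The name itself never grants access.  Returns (status_code, payload).
    """
    name = _function_name(body)
    handler = HANDLERS.get(name)
    if handler is None:
        return 404, {"error": "unknown function"}
    if name not in PUBLIC_FUNCTIONS and not authorized:
        # Log the attempt: a non-public name arriving from an unprivileged
        # client is a strong signal of parameter tampering.
        print(f"denied privileged function {name!r} for unauthorized caller")
        return 403, {"error": "forbidden"}
    return 200, handler()


if __name__ == "__main__":
    tampered = "function=getgetgetgetgetgetgetgetgetFlag"   # constructed request body
    print("vulnerable:", dispatch_vulnerable(tampered))
    print("hardened:  ", dispatch_hardened(tampered))
    print("hardened (authorized):", dispatch_hardened(tampered, authorized=True))
```

The second fix implied by the writeup is not to enumerate privileged handler names in any response the client can see; the allowlist above is also the natural thing to advertise, if a list must be advertised at all.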