picoCTF - Web Exploitation - Power Cookie
Web Exploitation - Power Cookie - writeup description Can you get the flag? Go to this website and see what you can discover. writeup Looking at the check.php function I can see that it requests a cookie ‘isAdmin’. That cookie is not present at the first visit of the page. So lets refresh the webpage. Now the cookie is present. The value of this particuluar cookie is ‘0’ currently. So lets change it to ‘1’ and refresh the page once more.picoCTF - Web Exploitation - Local Authority
Web Exploitation - Local Authority - writeup description Can you get the flag? Go to this website and see what you can discover. writeup Once I open the link http://saturn.picoctf.net:51419/ in firefox I get to a page “Secure Customer Portal”. I can see a login form with username and password. On the website I see a hint: Only letters and numbers allowed for username and password. I tried to do a simple post request to the login.picoCTF - Web Exploitation - Inspect HTML
Web Exploitation - Includes - writeup description Can you get the flag? Go to this website and see what you can discover. writeup Once I opened the website http://saturn.picoctf.net:60935/ in firefox and looking at the source code I could immediately find the flag inside a comment in the html source code: 1 <!--picoCTF{1n5p3t0r_0f_h7ml_ab1df88d}--> So the flag is: 1 picoCTF{1n5p3t0r_0f_h7ml_ab1df88d}picoCTF - Web Exploitation - Includes
Web Exploitation - Includes - writeup description Can you get the flag? Go to this website and see what you can discover. writeup Ok so I went ahead and visited the url http://saturn.picoctf.net:52811/ in firefox. I am presente with a webpage with a bunch of text and a button that says “Say hello”. Once I press that button I get a javascript alert() popup that says “This code is in a separate file!