picoCTF - Web Exploitation - Power Cookie


Web Exploitation - Power Cookie - writeup

description

Can you get the flag? Go to this website and see what you can discover.

writeup

Looking at the check.php function I can see that it requests a cookie ‘isAdmin’.

That cookie is not present at the first visit of the page.

So let's refresh the webpage.

Now the cookie is present.

The value of this particular cookie is ‘0’ currently.

So let's change it to ‘1’ and refresh the page once more.

I am immediately presented with the flag:

picoCTF{gr4d3_A_c00k13_1d871e17}
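
The root cause is that the server takes the privilege flag from a value the browser controls. As an added example (not part of the original writeup or the challenge's code), here is that naive check next to a hardened one in Python that only accepts the flag when an HMAC tag bound to the session verifies. The names SERVER_KEY, session_id and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a secret that never leaves the server (hypothetical name).
SERVER_KEY = secrets.token_bytes(32)


def is_admin_naive(cookies: dict) -> bool:
    """Trusts the client-supplied value, which is what the writeup relies on."""
    return cookies.get("isAdmin") == "1"


def _tag(session_id: str, value: str) -> str:
    """HMAC-SHA256 over the session id and the flag, hex encoded."""
    msg = f"{session_id}:{value}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_cookie(session_id: str, is_admin: bool) -> str:
    """Server side: build the cookie value as 'flag.tag'."""
    value = "1" if is_admin else "0"
    return f"{value}.{_tag(session_id, value)}"


def is_admin_signed(cookies: dict, session_id: str) -> bool:
    """Accept the flag only if its tag verifies for this session."""
    value, sep, tag = cookies.get("isAdmin", "").partition(".")
    if not sep:
        return False  # bare '0' or '1' carries no proof of origin
    expected = _tag(session_id, value)
    # Constant-time comparison of the received and recomputed tags.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False
    return value == "1"


def demo() -> tuple:
    """Replay the writeup's edit against both checks (constructed values)."""
    sid = "sess-constructed-123"
    issued = issue_cookie(sid, False)          # what a normal visitor gets
    edited = {"isAdmin": "1" + issued[1:]}     # flag flipped, old tag kept
    return is_admin_naive({"isAdmin": "1"}), is_admin_signed(edited, sid)


if __name__ == "__main__":
    print(demo())
```

Keeping the role in server-side session state and never sending it to the browser removes the problem without any signing.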