[NeverLAN 2019] - Dirty Validate
Description:
Solution Author:
Lucian Nitescu, as part of jmp 0xc0ffee team.
Solution:
In this challenge, we were presented with a basic login form.
As a first step, I decided to take a look at the source code of the accessed web page. In the page source, I discovered multiple AJAX requests that can be directly accessed by any user.
Retrieving all user accounts for the application:
Retrieving the Base64-encoded password for the Dr. Whom user account:
Decoding the base64 string:
The flag is: flag{D0n't_7rus7_JS}
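The flaw behind this flag, as an added example that is not the challenge's code: an endpoint that returns the Base64-encoded password to any caller, next to a server-side check that returns only the outcome. The function names, the sample password and the choice of scrypt are assumptions made for illustration.

```javascript
// Added example (not the challenge's code). All names and data are constructed.
const crypto = require('node:crypto');

// Constructed sample account; the password value is a placeholder.
const SAMPLE_USER = 'Dr. Whom';
const SAMPLE_PASSWORD = 'example-password';

// --- Pattern described in the writeup: validation left to the browser ---
// The endpoint hands the Base64-encoded password to any caller, and the
// page's JavaScript is expected to do the comparison.
const weakStore = { [SAMPLE_USER]: Buffer.from(SAMPLE_PASSWORD).toString('base64') };
function weakPasswordEndpoint(username) {
  return weakStore[username] ?? null;
}
// Base64 is an encoding: anyone holding the response recovers the secret.
function decodeBase64(value) {
  return Buffer.from(value, 'base64').toString('utf8');
}

// --- Hardened pattern: the server verifies and returns only the outcome ---
function hashPassword(password, salt = crypto.randomBytes(16)) {
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}
const strongStore = { [SAMPLE_USER]: hashPassword(SAMPLE_PASSWORD) };
// Used for unknown usernames so both paths do the same amount of work.
const dummyRecord = hashPassword(crypto.randomBytes(16).toString('hex'));

function login(username, password) {
  const known = Object.hasOwn(strongStore, username);
  const record = known ? strongStore[username] : dummyRecord;
  const candidate = crypto.scryptSync(String(password), record.salt, 32);
  const match = crypto.timingSafeEqual(candidate, record.hash);
  // Same response shape for "no such user" and "wrong password".
  return { ok: known && match };
}
```

With this design there is no account-listing or password-retrieval endpoint for the client to call; the browser only ever sees `{ ok: true }` or `{ ok: false }`.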
This post is licensed under CC BY 4.0 by the author.