[CTF] root-me Challenges/Realist/The-h-ckers-l4b Write-up

in #write-up8 years ago (edited)

Challenge URL

Clues

  • log page
  • csrf attack

Let's solve

find /log/

try to access /log/log.php

change http method for bypass auth

let's go admin login!
but, already logged in.

try csrf, disconnet admin.
using BBCode

success, disconnected admin.

login and aexploit menu, get the flag!

#technology #security
8 years ago in #write-up by
$0.00
    2 votes
    Reply 0

    Coin Marketplace

    STEEM 0.10
    TRX 0.32
    JST 0.032
    BTC 115165.58
    ETH 4229.86
    USDT 1.00
    SBD 0.66