[CTF] root-me Challenges/Realist/The-h-ckers-l4b Write-up

in write-up •  7 years ago  (edited)

Challenge URL


Clues


  • log page
  • csrf attack

Let's solve


find /log/

try to access /log/log.php

change the HTTP method to bypass auth

let's go admin login!
but, already logged in.

try CSRF, disconnect admin.
using BBCode

success, disconnected admin.

log in and exploit menu, get the flag!
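A bypass by changing the HTTP method is possible when a server enforces authentication only for the methods it lists. The following is an added example, not code from the challenge or from this write-up: a small Python model contrasting a method-scoped check with a deny-by-default check, plus an audit helper that can serve as a regression test. The method sets, function names and status codes are assumptions; only the `/log/log.php` path comes from the steps above.

```python
# Added example: constructed model of method-scoped access control.
# It does not reproduce the challenge's server configuration, which the page does not show.
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    method: str
    path: str
    authenticated: bool = False


PROTECTED_PREFIX = "/log/"                 # path taken from the write-up
GUARDED_METHODS = {"GET", "POST"}          # assumption: methods the weak rule names
ALLOWED_METHODS = {"GET", "HEAD", "POST"}  # assumption: methods the app really needs


def weak_gate(req: Request) -> int:
    """Auth is enforced only for the listed methods; anything else falls through."""
    if req.path.startswith(PROTECTED_PREFIX) and req.method.upper() in GUARDED_METHODS:
        return 200 if req.authenticated else 401
    return 200  # unlisted method: the handler runs without any auth check


def hardened_gate(req: Request) -> int:
    """Deny by default: reject unknown methods, then require auth for every method."""
    if req.method.upper() not in ALLOWED_METHODS:
        return 405
    if req.path.startswith(PROTECTED_PREFIX) and not req.authenticated:
        return 401
    return 200


def audit(gate, path: str = PROTECTED_PREFIX + "log.php") -> list:
    """Return the methods for which an unauthenticated request is served (200)."""
    probes = ["GET", "POST", "HEAD", "PUT", "OPTIONS", "DELETE", "FOO"]
    return [m for m in probes if gate(Request(m, path)) == 200]


if __name__ == "__main__":
    print("weak gate serves unauthenticated:", audit(weak_gate))
    print("hardened gate serves unauthenticated:", audit(hardened_gate))
```

An empty list from `audit` is the passing result; any method it returns is one where the protected page is reachable without a session.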
