LIT CTF 2023 - unsecure
Description
Category: Web
As it turns out, the admin who runs our website is quite insecure. They use password123 as their password. (Wrap the flag in LITCTF{})
Link: litctf.org:31776
Resolution
After we go to the page we can only see this message:
Try going to /welcome instead of here
So we go to /welcome, where we can access the login page, and we try to log in as admin using the password provided in the challenge description, password123.
Then we can see that we were redirected through multiple pages and landed on https://en.wikipedia.org/wiki/URL_redirection.
I used Burp Suite to intercept all requests to deal with each redirection.
We are first redirected to /there_might_be_a_flag_here, then to /ornot, and finally to something that looks like a flag: /0k4y_m4yb3_1_l13d.
And we validated the challenge with the flag: LITCTF{0k4y_m4yb3_1_l13d}.
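The same hop-by-hop inspection can be scripted instead of done through an intercepting proxy. This is an added example, not part of the original write-up: it requests each hop itself, records every Location header, and stops at the first off-site redirect. The local stub server and the "/start" entry path are constructed assumptions; only the order of the hops comes from the text above.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urljoin, urlsplit

# Constructed stand-in server; hop order is from the write-up, "/start" is hypothetical.
CHAIN = {
    "/start": "/there_might_be_a_flag_here",
    "/there_might_be_a_flag_here": "/ornot",
    "/ornot": "/0k4y_m4yb3_1_l13d",
    "/0k4y_m4yb3_1_l13d": "https://en.wikipedia.org/wiki/URL_redirection",
}

class Stub(BaseHTTPRequestHandler):
    def do_GET(self):
        target = CHAIN.get(self.path)
        self.send_response(302 if target else 404)
        if target:
            self.send_header("Location", target)
        self.end_headers()
    def log_message(self, *args):  # keep the demo quiet
        pass

def trace_redirects(host, port, path, max_hops=10):
    """Request each hop ourselves and record (status, path, Location)."""
    hops = []
    for _ in range(max_hops):
        conn = http.client.HTTPConnection(host, port, timeout=5)
        conn.request("GET", path)
        resp = conn.getresponse()
        location = resp.getheader("Location")
        conn.close()
        hops.append((resp.status, path, location))
        if resp.status not in (301, 302, 303, 307, 308) or not location:
            break
        nxt = urlsplit(urljoin(f"http://{host}:{port}{path}", location))
        if nxt.netloc != f"{host}:{port}":  # off-site: record it, do not follow
            break
        path = nxt.path or "/"
    return hops

def demo():
    server = HTTPServer(("127.0.0.1", 0), Stub)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    hops = trace_redirects("127.0.0.1", server.server_port, "/start")
    server.shutdown()
    return hops

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A browser that follows redirects automatically only shows the last page, so the intermediate paths are visible only when each response is examined individually, as here.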