
LIT CTF 2023 - unsecure

Description

Category: Web

As it turns out, the admin who runs our website is quite insecure. They use password123 as their password. (Wrap the flag in LITCTF{})

Link: litctf.org:31776

Resolution

After we go to the page we can only see this message:

Try going to /welcome instead of here

So we go to /welcome, which is the login page, and log in as admin with the password given in the challenge description, password123:

Login

After logging in we are bounced through several redirects and finally land on https://en.wikipedia.org/wiki/URL_redirection.

A browser follows 302 responses automatically, so the intermediate paths never show up in the address bar. I used Burp Suite to intercept each response and read its Location header before the next hop was followed.

The login response first redirects us to /there_might_be_a_flag_here, then to /ornot, and finally to /0k4y_m4yb3_1_l13d, which looks like the flag, before the last hop sends us off to Wikipedia.

Wrapping it as the description asks gives the flag: LITCTF{0k4y_m4yb3_1_l13d}.

This post is licensed under CC BY 4.0 by the author.