Indoor WebApp
Description
Solve Walkthrough
Given a web app that we can see personal information, but notice that every person is have unique id:
?user_idvalue parameters.
I try to change it to person 2 or
?user_id=2and I got the flag.
We can perform brute force attack to check if the spesific
user_idis exist or not by using Burp Suite or simply cURL (combined with for/while loop).
Luckily, we just have 3 available users.
Flag
OSCTF{1nd00r_M4dE_n0_5enS3}
Last updated