Parameter Tampering | Task 5

kurtnettlekurtnettle
1 min read

Problem Statement

Prerequisites

  • Basic Web Knowledge (Http Requests like GET,POST)

  • Understanding the URL structure (ex. query params, form data, body)

Solution

Honestly, I was baffled by the simplicity of this challenge. If you have seen my write-up of Task2, you will remember that I told something about the temptation of poking the url params 😁

At first, I was just changing the parameters to different values without realizing that this was the expected solution 🤦‍♂️

After changing the id value, we can see it’s actually reflecting.

And this was all for this challenge. I had to ask the instructor whether this was they expecting or not. As I wasn’t finding anything else useful.

Conclusion

Even though I told this is very easy but this vulns is actually very powerful as its directly reflecting the changes you are making! With enough crafting you can make the server expose many useful information and sometimes the flag 🫣

Credits

  • Hashnode - for the amazing platform

  • BUBT AI Community - for the arrangement of CTF contest

0
Subscribe to my newsletter

Read articles from kurtnettle directly inside your inbox. Subscribe to the newsletter, and don't miss out.

bubtcybersafewebCTFCTF Writeup

Written by

kurtnettle
kurtnettle