[CTF] root-me Challenges/Realist/The-h-ckers-l4b Write-up


Challenge URL


Clues


  • log page
  • CSRF attack

Let's solve


Find /log/

Try to access /log/log.php

Change the HTTP method to bypass auth

Let's go to the admin login!
But, already logged in.

Try CSRF to disconnect the admin,
using BBCode

Success, disconnected the admin.

Log in and exploit menu, get the flag!
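
The "change the HTTP method" step works when an access rule names the methods it guards instead of denying by default. The following is an added example, not code from the challenge or from root-me: it sets such a rule beside a deny-by-default check and scans access-log lines for the resulting pattern. The method sets, function names and log lines are assumptions constructed for illustration; only the `/log/` path comes from the write-up.

```python
import re

PROTECTED_PREFIX = "/log/"                  # path from the write-up
GUARDED_METHODS = {"GET", "POST"}           # assumption: the weak rule names methods
ALLOWED_METHODS = {"GET", "HEAD", "POST"}   # assumption: methods the app needs

def weak_check(method, path, authenticated):
    """Auth is enforced only for the listed methods; anything else falls through."""
    if path.startswith(PROTECTED_PREFIX) and method.upper() in GUARDED_METHODS:
        return 200 if authenticated else 401
    return 200

def hardened_check(method, path, authenticated):
    """Deny by default: reject unknown methods, then require auth for every method."""
    if method.upper() not in ALLOWED_METHODS:
        return 405
    if path.startswith(PROTECTED_PREFIX) and not authenticated:
        return 401
    return 200

# Request line and status fields of a Common Log Format entry
LOG_RE = re.compile(r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def suspicious_requests(lines):
    """Flag 2xx responses under the protected path for methods outside the allowlist."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        if (m["path"].startswith(PROTECTED_PREFIX)
                and m["method"].upper() not in ALLOWED_METHODS
                and m["status"].startswith("2")):
            hits.append((m["method"], m["path"], int(m["status"])))
    return hits

# Constructed sample access-log lines (not taken from the challenge)
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /log/log.php HTTP/1.1" 401 381',
    '203.0.113.5 - - [01/Jan/2024:10:00:04 +0000] "PUT /log/log.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for method in ("GET", "PUT"):
        print(method, weak_check(method, "/log/log.php", False),
              hardened_check(method, "/log/log.php", False))
    print(suspicious_requests(SAMPLE_LOG))
```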