LOGON (picoCTF2019)
Description
Solution
When we click the link we can see a simple website. As the task description says, let’s try to log in here as “logon” (I left the password field empty, but we can write anything there and it works). The page tells us the login succeeded, but we can’t see anything more here.
First of all, let’s check what we can find in the cookies (using the web developer tools, in my case for Opera). On this website session data is stored not on the server but on the client side, and there is no integrity check mechanism, so we can change data such as cookies and the server will accept it.
We can find an admin cookie here with its value set to False. Let’s try to set it to true.
Save it and check that everything is okay.
Then go back to the website and reload it. Bingo! Now we can see the flag.
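The missing integrity check described above, shown as an added example that is not part of the original write-up or the challenge's code: a check that trusts the admin cookie as sent, next to one that verifies an HMAC tag issued at login. The cookie names `username` and `sig`, the key handling and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: a secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)


def is_admin_unsigned(cookies):
    """Weak check: believes whatever the browser sends back."""
    return cookies.get("admin") == "True"


def _tag(username, admin, key):
    # JSON encoding keeps the two fields unambiguous inside the MAC input.
    msg = json.dumps([username, admin]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_cookies(username, admin, key=SERVER_KEY):
    """Cookies set at login, with an HMAC-SHA256 tag over both fields."""
    admin = str(bool(admin))
    return {"username": username, "admin": admin, "sig": _tag(username, admin, key)}


def is_admin_signed(cookies, key=SERVER_KEY):
    """Hardened check: an edited field no longer matches the tag."""
    username = cookies.get("username", "")
    admin = cookies.get("admin", "")
    expected = _tag(username, admin, key)
    supplied = cookies.get("sig", "")
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False
    return admin == "True"


def demo():
    issued = issue_cookies("logon", False)      # constructed sample session
    edited = dict(issued, admin="True")         # value changed in the browser
    return is_admin_unsigned(edited), is_admin_signed(edited), is_admin_signed(issued)


if __name__ == "__main__":
    print(demo())
```

Keeping the role in server-side session state and sending only a random session identifier to the browser removes the problem without any signing.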