PicoCTF2022 - Local Authority
Description
Can you get the flag? Go to this website and see what you can discover.
Information
Point Value: 100 points
Category: Web Exploitation
Hints
- How is the password checked on this website?
Solution
Open the link. The webpage displays a PHP login, so we want to look for an insecure way to log in that gives us both the username and password. Right-click anywhere on the page and click on "View Page Source". Locating the secure.js file, we find the login username ("admin") and password ("strongPassword098765") that will authorize the login. Logging in with these credentials on the original webpage shows the flag. Copy and paste the flag displayed.
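The weakness behind this solution, next to a server-side fix, as an added example that is not the challenge's actual secure.js or server code. The function names, the in-memory user store and the sample passphrase are assumptions made for illustration, and the server side is written for Node.js rather than the PHP the page mentions.

```javascript
// Added example: constructed code, not taken from the challenge.
const { scryptSync, randomBytes, timingSafeEqual } = require('node:crypto');

// WEAK: the pattern the writeup describes. This function is delivered to the
// browser, so the expected credentials are readable via "View Page Source".
function checkPasswordClientSide(username, password) {
  return username === 'admin' && password === 'strongPassword098765';
}

// HARDENED: the check runs on the server against a salted scrypt hash.
// Nothing the browser downloads contains the password or its hash.
function hashPassword(password, salt = randomBytes(16)) {
  return { salt, hash: scryptSync(password, salt, 32) };
}

// Hypothetical in-memory user store seeded with a constructed passphrase;
// a real service would load stored hashes from its database instead.
const users = new Map([['admin', hashPassword('constructed-sample-passphrase')]]);

// Hashed for unknown usernames too, so both paths do the same amount of work.
const dummy = hashPassword('unused');

function verifyLoginServerSide(username, password) {
  const record = users.get(username) || dummy;
  const candidate = scryptSync(String(password), record.salt, 32);
  // Constant-time comparison of two equal-length 32-byte buffers.
  const match = timingSafeEqual(candidate, record.hash);
  return users.has(username) && match;
}

// Review aid: does the text of a function that would be shipped to the
// client contain the secret?
function sourceLeaksSecret(fn, secret) {
  return fn.toString().includes(secret);
}
```
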