Everyone loves free utilities, don't you? Can you bypass the payment and read other people's bills instead?
/login to login/register to register
/login
/register
Creds: test02@ctf.ae:test02@ctf.ae
test02@ctf.ae:test02@ctf.ae
Only working route is /pay_fees
/pay_fees
We are supposed to pay $10k, but we only have $0. Temper with the request and change amount to negative. Now our account has enough money to pay fees.
Giving us money yields no result of flag.
We are redirected to /checkout/<id:int> to see the receipt, but also not much.
/checkout/<id:int>
Tempering with IDOR /checkout/0 we get the flag
/checkout/0
Flag: flag{xOkSO52gXsC2ROhZlylpvYEN1SaUJwgm}
flag{xOkSO52gXsC2ROhZlylpvYEN1SaUJwgm}
Last updated 8 months ago
