← Back
It-happens-sometimes | Avishai’s CTF Writeups

Avishai's CTF Writeups

Yalla Balagan! A collection of my CTF writeups and solutions.

View on GitHub

We can see this home page.

The mission is to access the administartion section of the website, I tried to go to /admin, and got this basic auth pop window:

I tried my luck with HTTP Verb Tampering, which means changing the http method in the request, and it worked

The reason is because the developer didn’t gave use case for this, he checks if this is GET or POST, and then send to authentication. Otherwise, he just pass it without auth.

The password is 0010110111101001.