Seek ( Web exploitation )

Challenge: Seek

  • Loaded into some webpage with only “submit query” can’t seem to input anything for SSTI or SQLi

  • Went to burp suite and intercept when getting into website

  • Realized that each time when pressing “submit query” it redirects to /ahhhhhhhhhhhhh

  • POST and GET back a response? (not rly sure)

  • From actions

  • Went into Target and Site map

  • Looked through each METHOD for the website

  • Saw a token that looks like hex text

  • Took it to cyberchef and decoded it for flag 🍩

LNC2022{s33k_4nd_s0ught_4ft3r}

PreviousEzgo ( Web exploitation )NextpicoCTF 2022 ( March )

Last updated