Skip to main content
Hashnodekurtntettle's blog

Command Palette

Search for a command to run...

Parameter Tampering | Task 5

web 𖧹 ??pts

Updated
1 min read
S
Shaikh Shafeen
Building solutions of my daily life problems with code.
Part of seriesCYBER SAFE II | BUBT

Problem Statement

Prerequisites

  • Basic Web Knowledge (Http Requests like GET,POST)

  • Understanding the URL structure (ex. query params, form data, body)

Solution

Honestly, I was baffled by the simplicity of this challenge. If you have seen my write-up of Task2, you will remember that I told something about the temptation of poking the url params 😁

At first, I was just changing the parameters to different values without realizing that this was the expected solution 🤦‍♂️

After changing the id value, we can see it’s actually reflecting.

And this was all for this challenge. I had to ask the instructor whether this was they expecting or not. As I wasn’t finding anything else useful.

Conclusion

Even though I told this is very easy but this vulns is actually very powerful as its directly reflecting the changes you are making! With enough crafting you can make the server expose many useful information and sometimes the flag 🫣

Credits

  • Hashnode - for the amazing platform

  • BUBT AI Community - for the arrangement of CTF contest

#bubt#cybersafe#web#ctf#ctf-writeup
12 views

Comments

Join the discussion

No comments yet. Be the first to comment.

CYBER SAFE II | BUBT

Part 2 of 4

My write-ups for the CTF Contest arranged by the AI Community of BUBT. I like to hear others' instincts about their approach, so I tried to share mine! The contest was a mixture of web challenges only.

Up next

Shell Upload | Task 6

web 𖧹 ??pts

More from this blog

kurtntettle's blog

22 posts

Just a developer solving random problems and documenting here.