Step 1: Register
Register and see the main screen as showed in the screenshot:
Step 2: Click on the ‘View Rankings’ button
Clicking on ‘View Rankings’ will take you to the leaderboard. Here you’ll see a request to ‘fetch’. Open this up and send to repeater.
Step 3: Internal
Here we see a localhost:3000 leaderboard endpoint. Looks like we can manipulate this.
So change the word ‘leaderboard’ to ‘admin’ and send the request. You’ll get the flag in the response:
Thanks for reading and subscribe for more!
