Created: 2022-08-02
Tags: #fleeting
https://31baf7363e8d638ae949c8aea84f4cd6.ctf.hacker101.com/login
Login page is vulnerable to sql injection
So there's an image link that's unavailable
https://static1.squarespace.com/static/54e8ba93e4b07c3f655b452e/t/56c2a04520c64707756f4267/1493764650017/
It says, cannot be displayed because it contains errors.
This is not a just a paragraph thing since the server did return 404 not found
https://7272212b12ecc54e093a0426efbd437f.ctf.hacker101.com/page/7
The link above says
Forbidden
You don't have the permission to access the requested resource. It is either read-protected or not readable by the server.
1st Flag Found! :D
It suddenly click to me that you can edit files.
We could still edit the file by accessing page/edit/7 and that's how I saw the flag :D