On flag 1, what was the hint about? What does it mean by saying "What actions could you perform as a regular user on the last level, which you can't now?"
It's saying that logged out users should not be able to edit pages, but in fact, if you can simulate the right POST request, it'll still go through, even when logged out.
I assumed that it was talking about how regular users can only view pages but an admin can edit them and that is why the flag is on /page/edit/2.
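The missing check described in the replies above, as an added example that is not part of the thread or of the CTF's own code: a handler that gates only the edit form (GET) next to one that checks the session before dispatching on the method, plus a small audit a defender can keep as a regression test. The handler names, the session dictionary and the page store are assumptions made for illustration.

```python
# Added illustration; handler names, session shape and page store are hypothetical.
PAGES = {2: "original body"}  # constructed sample data


def is_logged_in(session):
    return bool(session.get("user"))


def edit_page_vulnerable(method, page_id, session, form=None):
    """Auth is checked only when rendering the edit form (GET)."""
    if method == "GET":
        if not is_logged_in(session):
            return 302, "/login"
        return 200, PAGES[page_id]
    if method == "POST":
        # Missing check: the write path assumes only logged-in users saw the form.
        PAGES[page_id] = form["body"]
        return 200, "saved"
    return 405, "method not allowed"


def edit_page_fixed(method, page_id, session, form=None):
    """Auth is checked once, before dispatching on the method."""
    if method not in ("GET", "POST"):
        return 405, "method not allowed"
    if not is_logged_in(session):
        return 302, "/login"
    if method == "POST":
        PAGES[page_id] = form["body"]
        return 200, "saved"
    return 200, PAGES[page_id]


def audit(handler):
    """Return the methods an anonymous (empty) session can use with status 200."""
    saved = dict(PAGES)
    allowed = []
    for method in ("GET", "POST"):
        status, _ = handler(method, 2, {}, {"body": "changed"})
        if status == 200:
            allowed.append(method)
    PAGES.clear()
    PAGES.update(saved)  # restore the store so the audit has no side effects
    return allowed


if __name__ == "__main__":
    print("vulnerable handler, anonymous access:", audit(edit_page_vulnerable))
    print("fixed handler, anonymous access:", audit(edit_page_fixed))
```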