Working through the picoCTF web challenges, I chose one called "GET aHEAD". The name suggests it has something to do with the requests made to a web page: maybe a GET request, or something in the response headers.
First, let's look at the page:
A simple page that changes the background of the page.
If the user selects Red, the page background-color changes to red.
If the user selects Blue, the page background-color changes to blue.
Let's check the request in Postman; maybe I can find something useful there.
First I did a GET request, but nothing useful came back in the response headers. Playing a little with the options, I found the HEAD request method and tried sending a standard request with it:
With only that change, the response headers contain the final CTF flag:
That was a simple flag, meant to teach the user that GET and POST are not the only request methods.
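The same comparison can be scripted as a check that an endpoint returns identical headers whatever the method. This is an added example, not code from the challenge: the local server, the `X-Demo-Flag` header name and its placeholder value are all constructed stand-ins.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class DemoHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for the challenge page: HEAD answers differently from GET."""
    def _send(self, extra=()):
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        for name, value in extra:
            self.send_header(name, value)
        self.end_headers()

    def do_GET(self):
        self._send()
        self.wfile.write(b"<html>Red or Blue?</html>")
    do_POST = do_GET

    def do_HEAD(self):
        # Hypothetical header name and placeholder value, not the real flag.
        self._send([("X-Demo-Flag", "picoCTF{placeholder}")])

    def log_message(self, *args): pass  # silence per-request logging

def headers_for(host, port, method):
    """Send one request with the given method and return its response headers."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request(method, "/")
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return {k.lower(): v for k, v in resp.getheaders()}

def method_only_headers(host, port, methods=("GET", "POST", "HEAD")):
    """Map each method to the headers it returns that plain GET does not."""
    base = headers_for(host, port, "GET")
    found = {m: {k: v for k, v in headers_for(host, port, m).items() if k not in base}
             for m in methods}
    return {m: extra for m, extra in found.items() if extra}

def run_demo():
    """Start the constructed server on a free local port and compare methods."""
    server = HTTPServer(("127.0.0.1", 0), DemoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return method_only_headers("127.0.0.1", server.server_port)
    finally:
        server.shutdown()
        server.server_close()
```

Calling `run_demo()` returns only the methods whose responses carry headers that GET lacks; an empty result means every method answered with the same header set.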