Day 2 — Hacker101 MicroCMS v1 Flag 3 Write-Up


Devin McCullum


Day 2 of my one-CTF-a-day journey, and I’m back with MicroCMS v1, tackling Flag 3. This one is still on the easier side, but I’ll break down the steps I took to capture the flag and share what I learned from the process. Let’s dive in!

While creating a page, I noticed that each page is assigned an ID. The first two pages were assigned IDs 1 and 2, which got me thinking — what might be hidden in the IDs between 2 and 13?

Page IDs

Using Burp Suite Repeater, I sent a series of GET requests to /page/{ID} to explore further. Most of the responses returned a "404 Not Found," but when I sent a GET request to /page/5, I got a "403 Forbidden." This immediately caught my attention—why would one ID return a different response?

403 Response

Curious, I went back to Burp to see if any other endpoints used these IDs. That’s when I noticed IDs were also present in /edit. This was my next lead, so I tried sending a GET request to /page/edit/5. And boom—there it was, the flag!

Flag

It’s always fascinating to see how small details, like the way IDs are handled, can lead to uncovering sensitive information.
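The root cause behind this flag, as an added example that is not the challenge's actual code: the view route enforces an access check that the edit route skips. The sketch below models `/page/{ID}` and `/page/edit/{ID}` as plain functions (page contents, function names and the `admin` field are constructed assumptions) and includes a regression check that flags any ID where one route denies access while another serves the content.

```python
# Constructed data: page 5 stands in for the private page from the write-up.
PAGES = {
    1: {"body": "first public page (constructed)", "private": False},
    2: {"body": "second public page (constructed)", "private": False},
    5: {"body": "private page body (constructed)", "private": True},
}

def load_page(page_id, user=None):
    """Shared lookup + authorization. Returns (status, page_or_None)."""
    page = PAGES.get(page_id)
    if page is None:
        return 404, None
    if page["private"] and not (user and user.get("admin")):
        return 403, None
    return 200, page

def view_page(page_id, user=None):
    # Models GET /page/{ID}: goes through the shared check.
    status, page = load_page(page_id, user)
    return status, page["body"] if page else ""

def edit_page_vulnerable(page_id, user=None):
    # Models GET /page/edit/{ID} as described: existence check only, no authorization.
    page = PAGES.get(page_id)
    return (200, page["body"]) if page else (404, "")

def edit_page_fixed(page_id, user=None):
    # Hardened form: the edit route reuses the same decision as the view route.
    status, page = load_page(page_id, user)
    return status, page["body"] if page else ""

def inconsistent_ids(routes, id_range, user=None):
    """IDs where at least one route answers 403 while another answers 200."""
    leaks = []
    for page_id in id_range:
        statuses = {route(page_id, user)[0] for route in routes}
        if 403 in statuses and 200 in statuses:
            leaks.append(page_id)
    return leaks

if __name__ == "__main__":
    print("vulnerable:", inconsistent_ids([view_page, edit_page_vulnerable], range(1, 14)))
    print("fixed:     ", inconsistent_ids([view_page, edit_page_fixed], range(1, 14)))
```

Run as a test in CI, `inconsistent_ids` catches a new route that forgets the shared check. Returning 404 instead of 403 for unauthorized pages would additionally stop status codes from revealing which IDs exist.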
