Description
Request to the flag is forbidden due to wrong CSRF token … can you fix it and reveal the flag
Difficulty: hard
Challenge Link: https://cybertalents.com/challenges/web/wrong-token
Solution
Exploration
Opening the website we will find the following web page:
Reading the source code, we find that we need to make a JSON request containing some data.
The request should look like the following:
{"action": "view_flag", "_token": "asdjhDJhfkjdI"}
If you send this request, you will receive this error:
Failed Comparison ( incoming CSRF token != Session CSRF token )
Exploitation
It seems that there is some sort of verification on this CSRF token, so we need to think of a way to bypass it.
First, I tried to remove the whole parameter but it didn’t work. I tried to remove the value only but still nothing.
Finally, I changed the data type from a string to a boolean value equal to True, and it gave me the flag.
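The behaviour above is consistent with a loosely typed token comparison. The following is an added example, not code from the challenge or from the original write-up: it assumes the server is PHP and compares the tokens with `==` (the page does not show the server code), and the session token value and function names are constructed for illustration. It puts the weak check beside a hardened one that requires a string and compares with `hash_equals`.

```php
<?php
// Constructed session token for illustration; not taken from the challenge.
$sessionToken = 'k3Jd81LmQpZ0xY';

// Weak check (assumed): loose comparison. When one operand is a boolean,
// PHP converts the other to bool too, and any non-empty string other than
// "0" becomes true, so a JSON true "equals" every real token.
function check_loose(mixed $incoming, string $session): bool
{
    return $incoming == $session;
}

// Hardened check: reject anything that is not a string before comparing,
// then compare in constant time. hash_equals() requires string arguments,
// so the is_string() guard must come first.
function check_strict(mixed $incoming, string $session): bool
{
    return is_string($incoming) && hash_equals($session, $incoming);
}

// Request bodies mirroring the attempts described in the write-up,
// plus the legitimate request for comparison.
$bodies = [
    'wrong string'   => '{"action": "view_flag", "_token": "asdjhDJhfkjdI"}',
    'parameter gone' => '{"action": "view_flag"}',
    'empty value'    => '{"action": "view_flag", "_token": ""}',
    'boolean'        => '{"action": "view_flag", "_token": true}',
    'correct string' => '{"action": "view_flag", "_token": "k3Jd81LmQpZ0xY"}',
];

foreach ($bodies as $label => $body) {
    $request = json_decode($body, true);
    $token = $request['_token'] ?? null; // null when the key is absent

    printf(
        "%-15s loose=%-5s strict=%s\n",
        $label,
        var_export(check_loose($token, $sessionToken), true),
        var_export(check_strict($token, $sessionToken), true)
    );
}
```

Only the boolean and the correct string pass the loose check, while the strict check accepts the correct string alone. Validating the decoded JSON against an expected schema (string `_token`) before any comparison closes the same gap for every field.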