Yesterday's challenge had an entry that said 'next page=/apps', so we start there
The apps page has an app called the 'People Rater'

Clicking these names pops up a box that says something bad. Let's inspect the button

Interesting, looks like base64

And it is. Okay, so we can assume that when we click these buttons that it sends a request to an API that includes this field. Let's fire up burpsuite and and capture that request

Looks like the endpoint is `entry` and it takes the parameter `id`. When we decoded the base64 it said `id=2`, but that was the first name on the list. Where's `id=1`?
Let's see what happens when we pass `id=1`. First, base64 encode it

`eyJpZCI6MX0=`
Time to send it. (Right-click the request and `Send to Repeater`)

---
Back to [[_WebSite Publish/CTF/CTF Index|CTF Index]]
Tags: #ctf #api #web
Related: