19 – Client Side is Still Bad


I forgot my password again, but this time there doesn’t seem to be a reset, can you help me? http://2018shell.picoctf.com:8420 (link)


clicked on signing and said success

inspect code

not much in there, lets take a look at the network tab

and the header request and response 

found login

response header has set-cookie: admin=False

let change that to true

copied the curl link and replaced admin=True pasted it in insomnia and it returned 


%d bloggers like this: