HTTP - POST

  • Description: Find a way to beat the top score!
  • Difficulty: Easy

🔎 Solution

The challenge provides a website featuring a simple game between a human and a machine. When clicking the "Give a try" button, the application automatically generates a number, and to win the game, our number must be greater than 999999.

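However, by inspecting the page source, we can see that the random number is generated client-side, in the form's onsubmit handler, in the range from 0 to 1000000, and is then written into the hidden score field before the form is posted. This means the probability of randomly hitting exactly 1000000 to win the game is extremely low.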

<form action="" method="post" onsubmit="document.getElementsByName('score')[0].value = Math.floor(Math.random() * 1000001)">
<input type="hidden" name="score" value="-1" />
<input type="submit" name="generate" value="Give a try!">
</form>

The solution is straightforward: intercept and modify the request using Burp Suite, and change the score parameter to any value greater than 999999. After sending the modified request, the application considers it a win and returns the flag.
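The root cause is that the server accepts a score computed in the browser. The following is an added example, not the challenge's server code: two hypothetical handlers (`handleVulnerable`, `handleHardened`) and constructed request bodies show the trusting pattern beside one where the server draws the number itself and never reads the posted score.

```javascript
// Added example: hypothetical server-side handlers for the form shown above.
// Handler names and sample bodies are assumptions, not the challenge's code.
const WIN_THRESHOLD = 999999; // from the challenge: the score must be greater than 999999

// Parse an application/x-www-form-urlencoded POST body into a plain object.
function parseForm(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

// Vulnerable pattern: the score is whatever arrived in the hidden field.
function handleVulnerable(body) {
  const form = parseForm(body);
  const score = Number(form.score);
  return { score, win: score > WIN_THRESHOLD };
}

// Hardened pattern: the client only signals "generate"; the server draws the number.
// `draw` is injectable so the behaviour can be tested deterministically.
function handleHardened(body, draw = () => Math.floor(Math.random() * 1000001)) {
  const form = parseForm(body);
  if (form.generate === undefined) {
    return { error: 'bad request' };
  }
  const score = draw(); // the posted "score" field is never read
  return {
    score,
    win: score > WIN_THRESHOLD,
    clientSentScore: form.score !== undefined, // worth logging as a tamper signal
  };
}

// Constructed sample bodies (not captured traffic).
const untouchedBody = 'score=421337&generate=Give+a+try%21';
const editedBody = 'score=1000000&generate=Give+a+try%21';

function demo() {
  return {
    vulnerableUntouched: handleVulnerable(untouchedBody),
    vulnerableEdited: handleVulnerable(editedBody),
    hardenedEdited: handleHardened(editedBody, () => 5),
  };
}

console.log(demo());
```

With the hardened handler the hidden `score` input can be removed from the form entirely; a request that still carries it is a useful detection signal.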

🚩 Flag

H7tp_h4s_N0_s3Cr37S_F0r_y0U