Everyone Loves a Good Cookie

Challenge:

Cookies are used by websites to keep track of user sessions and help with authentication. Can you spot the issue with this site and convince it that you’re authenticated?

Solution:

After browsing to the website I was presented with a very simple login page:

After entering a code the webserver responds “Incorrect Code” and creates a cookie named “cm-authenticated” with a value of 0.

Using the Chrome Developer Tools I set the value of “cm-authenticated” to 1 and refreshed the page, which revealed the flag:

Published:

Updated:

Leave a comment