Everyone Loves a Good Cookie


Cookies are used by websites to keep track of user sessions and help with authentication. Can you spot the issue with this site and convince it that you're authenticated?


After browsing to the website I was presented with a very simple login page.

After entering a code the webserver responds "Incorrect Code" and creates a cookie named "cm-authenticated" with a value of 0.

Using the Chrome Developer Tools I set the value of "cm-authenticated" to 1 and refreshed the page which revealed the flag:



Leave a comment