The application was vulnerable to a logical flaw in the password reset mechanism that allowed unauthorized password resets. By exploiting this flaw, we reset the admin user's password. This privilege escalation allowed access to an admin-only weapon dispatch feature, which included a command injection vulnerability via unsanitized curl execution in Markdown parsing. Combining both vulnerabilities led to command execution and flag retrieval.
This challenge involved client-side reconnaissance through JavaScript .map and .js files served by a Next.js application. By mining and crawling those files, we uncovered hidden API endpoints, enumerated users via an inquire endpoint, and eventually downloaded user-specific transaction PDFs to retrieve the flag.
The application has an IDOR (Indirect Object Reference) vulnerability which can be used to retrieve the flag.
GitHub Codespaces is a cloud-based development environment that allows developers to instantly spin up a fully configured, containerized VS Code environment directly from a GitHub repository. It eliminates the need for manual setup and ensures consistency across development environments by using devcontainers. With support for Visual Studio Code and browser-based editing, Codespaces enables fast onboarding, seamless collaboration, and streamlined CI/CD workflows, making it ideal for modern DevOps and remote development scenarios.