First, we have the website http://web.easyctf.com:10206/ , let go and do register and log in. But when login, It always go back to register. Let note: “Infinity Star”, because the website is on testing, I try to do register with in a “Infinity name account” -_- !! ( hex(100) = dec(256) I think it is “Infinity” :v ).
look like it has been infinity (the name and money is nothing)
but when I send money for anyone it’s doesn’t work because it’s block me 😥
Let see the code
yes, we can submit by the link http://web.easyctf.com:10206/api/bank/transfer?amount=100&recipient=%100joker
Of course it’s no simple like that :p
Let see hint “If the transfer money feature is still under testing, who do you think can use it?”
admin will check for me, please report it 😀
At this state, I use Tamper Data
wait a minute and buy flag 😀
This post is very sparing, if you have another way to do it, please comment below, Thanks 😀
GGWP by l4cl0i – TKOX
0xD0ff9 