Web - 40 Points
Take control… of the flag on this admin control panel.
We have a website which let you register with a username and a password. Wandering in the code we found this interesting hint, written as html comment:
to read the flag you need admin rights, which you don’t have if you register as a normal user. We needed a privilege escalation vulnerability, or something similar.
Maybe just setting
admin=true in the registration request will do the trick?
Yes, it did.