medium · web · live target · 150fm · 1 solves
Ghost in the Params
HackerOcean's staff directory is served live at /api/ctf/staff/{id}. Your recruit id is 1337 — try it. Then realize nothing stops you from asking for other ids. The founder is id 1, and they left something in their record they shouldn't have. This endpoint is genuinely live and genuinely vulnerable — exploit it to get the flag.
// live target
https://vaultocean.com/api/ctf/staff/1337
This endpoint is live and intentionally vulnerable — exploit it.
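The missing control behind this challenge, as an added example that is not the challenge's own code: a handler that trusts the id in the path, beside one that binds the lookup to the authenticated caller and returns only allowlisted fields. The record fields, the own-record-only policy, the function names and the denial log are assumptions for illustration.

```python
# Constructed records: the real directory's fields are not shown on the page.
STAFF = {
    1: {"id": 1, "name": "Founder", "role": "founder", "notes": "PLACEHOLDER_SECRET"},
    1337: {"id": 1337, "name": "Recruit", "role": "recruit", "notes": ""},
}
PUBLIC_FIELDS = ("id", "name", "role")  # assumed allowlist; "notes" never leaves the server
DENIED = []  # (caller_id, requested_id) pairs, kept for enumeration alerting


def get_staff_vulnerable(requested_id):
    """The flaw described above: the path id is trusted and the raw record is returned."""
    record = STAFF.get(requested_id)
    return (200, record) if record else (404, None)


def get_staff_hardened(session_user_id, requested_id):
    """Bind the lookup to the authenticated caller and serialize only allowlisted fields."""
    if session_user_id is None:
        return 401, None
    if requested_id != session_user_id:
        # Same 404 whether or not the id exists, so responses do not confirm valid ids.
        DENIED.append((session_user_id, requested_id))
        return 404, None
    record = STAFF.get(requested_id)
    if record is None:
        return 404, None
    return 200, {field: record[field] for field in PUBLIC_FIELDS}


def callers_probing(threshold=3):
    """Callers with at least `threshold` denied cross-id lookups (a simple detection signal)."""
    counts = {}
    for caller, _ in DENIED:
        counts[caller] = counts.get(caller, 0) + 1
    return sorted(c for c, n in counts.items() if n >= threshold)
```

The allowlist matters independently of the ownership check: even a caller entitled to a record receives only the fields the serializer names, so a stray sensitive value in storage is not exposed by default.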