Get a free coupon now and buy the flag at a discount!
Beginner Hint 1: Overview of the problem (AI-translated)
- When you access the page, a random session ID (
sid) is assigned. - When you access the
/buypage, if the balance associated with the session ID is 30 or more, you can "purchase" and view the flag. - The initial balance is 0, but accessing the
/redeempage allows you to get 10 balance in exchange for a coupon. However, after that, theredeemedflag becomestrue, and it looks like you can't use the coupon multiple times. - There is no way to increase the balance other than coupons.
Beginner Hint 2: Approach to the problem
- The implementation of
/redeemis a bit unnatural. It takes a few seconds to get the coupon when accessed, but can we exploit this specification?