Animal Viewer

🦙🐻🐈️🐕️🐘

Beginner Hint: Client-Side Challenge (AI-translated)

Client-side challenges target vulnerabilities caused by processing that runs in a web browser, such as JavaScript, the DOM, and CSS.
In this type of challenge, you are given not only the web application instance but also another instance called the Admin Bot.
The Admin Bot holds secrets such as the flag and automatically executes client-side behavior using a browser like Headless Chrome.
Client-side behavior includes actions such as visiting pages and submitting forms.
The goal of a client-side challenge is to exploit vulnerabilities in this browser-side behavior and steal secrets held by the client.
In this challenge, the Admin Bot sets the flag in a cookie and can visit an arbitrary page.
Another common stumbling point is the URL format you pass to the Admin Bot.
The Admin Bot uses animal-viewer as the cookie domain, and due to how Docker Compose networking works, it can access the web application at http://animal-viewer:3000.
Therefore, the URL you submit to the Admin Bot must be http://animal-viewer:3000, which matches the cookie domain, rather than the IP address shown in the challenge statement.

Writeup for reused n tadanobutubutu ja reused n 5 hours ago
Writeup for reused n baumroll1234 ja reused n 6 hours ago
Writeup for Daily AlpacaHack 5/3-5/9 kakur41 ja reused n +6 7 hours ago
Writeup for reused n goroshirow ja reused n 7 hours ago
Writeup for Vending Machine baumroll1234 author ja Vending Machine 9 hours ago
Writeup for Vending Machine tadanobutubutu ja Vending Machine 12 hours ago
Daily AlpacaHackに挑戦するつくよみちゃん 05/08 misc/Vending Machine/baumroll1234 tsukuyomi-chan ja Vending Machine 13 hours ago
Daily AlpacaHackに挑戦するつくよみちゃん 05/07 misc/Permission Denied 3/minaminao tsukuyomi-chan ja permission denied 3 13 hours ago
Writeup for Vending Machine nozokare ja Vending Machine 14 hours ago
Writeup for permission denied 3 nozokare ja permission denied 3 14 hours ago

Daily AlpacaHack