>/Ctf_tasks/API_lvl_2 $

cd ..

Estimated reading time: 1 minutes

Category: Web

Difficulty: Beginner

Okay, it seems the headers weren’t secure enough, so I implemented a simple login system with a username and password. I had to add a JSON parser, but I didn't have time to read the documentation, so I wrote my own. Hope it's not vulnerable!

Here are the public credentials:

Username: test
Password: test
ID: 1337

Requirements:
* Tool: curl or Postman

curl -X POST https://barry-dev.xyz/api/v2/flag -H "Content-Type: application/json" -H "api-key: your-api-key" -d "{\"username\": \"test\", \"password\": \"test\", \"id\": 1337}"

Note: You can find and copy your API key from your profile.