PicoGym: GET aHEAD#

Passing through the picoCTF web challenges, the chosen challenge is called “GET aHEAD”, which means that’s something about requests of a web page, maybe a GET request, or something in the Header parameters response.

First, let’s look at the page:

Image description

A simple page that changes the background of the page. If the user selects Red, the page background-color changes to red. If the user selects Blue, the page background-color changes to blue.

First let’s check the requisition on the Postman, maybe I can find something useful there.

Image description

First I did a GET Request, but nothing useful came in the header response. Playing a little with the options, I found the request for HEAD, and then tried to send a standard request:

Image description

With only that change, the response headers have the final CTF flag :

Answer: Flag

Image description

picoCTF{r3j3ct_th3_du4l1ty_70bc61c4}

That was a simple flag, to make the user learn that not only exists the GET and POST Request Methods.

Previous CTFChallenge - VulnBegin Flags PicoGym: Mod 26 Next