URL: https://lab13.sqrsec.com/

Difficulty: Medium

Login: wally:wally

Notes:

  1. No password/account bruteforce is needed!

  2. XSS is out of scope

  3. Only the web interface port 443 is in-scope

Objective

  1. Trick the app and buy the flag without paying!

  2. The flags are in a format similar to SqrSec Flag : UUID