ReqProcessor
EasyWeb Security
Overview
SCENARIO
An invoice processing system with a public interface and an admin panel sitting right out in the open. The admin panel runs a custom request processor that handles sensitive operations, and it has its own authentication format.
You have full access to the source code. Read how the request processor validates input, and ask yourself whether it actually does what it thinks it does.
Flag format: flag{}
Infrastructure
- Docker Container — HTTP on port 3000
Provided Files
- reqprocessor.zip (14.8 KB)
Job Positions
Bug Bounty Hunter
Tags
- Logic Flaw
- Broken Access Control
- Input Validation
- Source Code Review
- Javascript