Web Application Challenge 1 - Doge Community

Accuracy: 100%

Prompt

Cyber Command: A new website was just launched called Doge Community. We believe there may be some vulnerabilities on this website as the website owner says that he keeps on getting hacked by hooligans. Help them identify the vulnerability.

Note: Your scope is limited to HTTPS & you may not use automated bruteforce tools for this challenge.

Answers

Q1 (20 pts) - What is the username of the website owner?
cheddar_holt

Q2 (30 pts) - What is the password of the account owner?
SUPER_GOOD_BOY_PA$$WORD

Q3 (50 pts) - What is the flag obtained after you login?
SKY-ZWXX-9737

Steps I Took

Q1 — Navigated to /robots.txt. It listed a hidden directory.

Went to that directory and it exposed the username.

Q2 — Went to the password reset page and entered the username. The page returned a black box.

Inspected it in DevTools — it contained an SVG path string.

Loaded the SVG path data into an online SVG path visualizer, which drew out the password visually.

Q3 — Logged in with the credentials. The flag was displayed on the account page.