Search History

Some websites store users searches in the database so that links to those searches are accessible later. This application emulates that functionality.

How to Solve

Navigate to the homepage of the application and perform a search with the network tab open.
Inspect the result. In the response body you will see a /searches/#num. This number increases every time you search.
Browse directly to <url>/searches/1 and you will see the results from that search but you will not see the actual query run.
Realize that the app is using json for some of its endpoints and browse directly to <url>/searches/1.json which will give you the actual query run, which in this case also contains the flag.

Flag

MCA{just_browsin'_my_search_history}

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
app		app
bin		bin
config		config
db		db
docker		docker
lib		lib
log		log
public		public
test		test
tmp		tmp
vendor		vendor
.gitignore		.gitignore
.ruby-version		.ruby-version
Dockerfile		Dockerfile
Gemfile		Gemfile
Gemfile.lock		Gemfile.lock
LICENSE		LICENSE
README.md		README.md
Rakefile		Rakefile
config.ru		config.ru
docker-compose.yml		docker-compose.yml
package.json		package.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Search History

How to Solve

Flag

About

Releases

Packages

Languages

License

mitre-cyber-academy/2018-Web-200b

Folders and files

Latest commit

History

Repository files navigation

Search History

How to Solve

Flag

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages