Micro-CMS v2 Flag0 -- Found Regular users can only see public pages Getting admin access might require a more perfect union Knowing the password is cool, but there are other approaches that might be easier Flag1 -- Found What actions could you perform as a regular user on the last level, which you can't now? Just because request fails with one method doesn't mean it will fail with a different method Different requests often have different required authorization Flag2 -- Found Credentials are secret, flags are secret. Coincidence?