Flag is restricted to logged users only , can you be one of them.
By visiting the website, I got this!
So this is a hint that we have to deal with cookies, I visited the source code and I got this great information
so the source code gave me that
the cookie name: PHPSESSID
value: [^;]+)/
just putting these in the cookie’ browser (web developer extension)
I got this
Go to the directory gave me these three session’s values
I tried to test them as a value and I got this
So I went to the buirp suite and try to send the cookie in the body, the result of this gave me the valid user name which is mary
Sending the new cookie’s user & value gave me the flag
