Daily Challenge — May 25, 2026
Overview
We have a coffee shop web app in which you are awarded discount points as a reward for purchases. The web app also has a feature that allows you to update your profile details. By appending “points”:value to the profile update web request, you can add points to your account. By adding points to your account through this method, you will receive the flag.
Challenge Description
- Type: Daily
- Platform: Cafe Club
- Hint: Time to update your profile.
Solution
Step 1: Reconnaissance
Going off the update profile hint, I navigated to /profile, and observed the following menu.

Of course, thanks to the hint, we’ll go ahead and examine how the web app goes about updating the profile. When examining the profile update request, we see the following being posted to the /api/profile endpoint.

Step 2: Vulnerability Identification
In looking around the web page, I noticed the following data being pulled from the /api/profile page.

Here we can see that more data exists in the profile than is being updated by the profile update feature. Can we try to update that as well?
Step 3: Exploitation
First I tried setting the points to 100, and lo and behold, we receive the message that the profile was updated, and I am now the proud owner of 100 discount points.
Step 4: Flag Extraction
Increasing the number of points to 999999 yields the flag.
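The behaviour above is a mass assignment flaw: the update handler writes whatever keys the client sends. As an added illustration (not the challenge's own code), here is that pattern next to an allowlisted version; the field names other than "points" and the sample data are assumptions.

```python
from __future__ import annotations

# Assumed user-editable fields; the page only confirms that "points" exists.
ALLOWED_PROFILE_FIELDS = {"name", "email"}


def update_profile_vulnerable(stored: dict, body: dict) -> dict:
    """Merges every key from the request body into the stored record."""
    updated = dict(stored)
    updated.update(body)  # the client decides which attributes get written
    return updated


def update_profile_hardened(stored: dict, body: dict) -> tuple[dict, list[str]]:
    """Copies only allowlisted string fields; returns (record, rejected keys)."""
    updated = dict(stored)
    rejected = []
    for key, value in body.items():
        if key in ALLOWED_PROFILE_FIELDS and isinstance(value, str):
            updated[key] = value
        else:
            # Unexpected keys are dropped; logging them gives a tampering signal.
            rejected.append(key)
    return updated, sorted(rejected)


# Constructed sample data, not taken from the challenge.
STORED = {"name": "Sam", "email": "sam@example.com", "points": 0}
BODY = {"name": "Sam B", "points": 100}

if __name__ == "__main__":
    print("vulnerable:", update_profile_vulnerable(STORED, BODY))
    record, rejected = update_profile_hardened(STORED, BODY)
    print("hardened:  ", record, "rejected:", rejected)
```

Server-controlled values such as points should only change through the purchase flow, never through a client-supplied profile field.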
