Want to run this Docker container locally?

docker run -d --name flag-red71 --restart always -p 9052:80 joshbeck2024/ctf-nextjs-deep-dive-flag-red71

Next.js Vulnerability Overview

Register an account and log in. You’ll find that you can access the /bitcoin endpoint as an authenticated user, but the /dashboard endpoint is restricted.

Analysis

The Topology:

Step 1: The Proxy Receives the Information
