Instructions
I tried to make my own version of cookie clicker, without all of the extra fluff. Can you beat my highscore?
By Khael (@malfuncti0nal on discord)
Solution
I found the following javascript function in the source code:
if (count >= 10000000) {
fetch('/click', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
},
body: 'count=' + count
})
.then(response => response.json())
.then(data => {
alert(data.flag);
});
}
We can just manually send a request to that url to get the flag:
% curl -X POST http://betta.utctf.live:8138/click -d 'count=9999999999'
{"flag":"Wow, you beat me. Congrats! utflag{y0u_cl1ck_pr3tty_f4st}"}