BugForge Write-Up 3/3/2026
- icanhaspii
- Mar 3
Updated: Mar 5
BugForge Daily Challenge 3/3/2026 - Tanuki

Hint: SSRF.

Note:
If there is an admin account active for a lab, the credentials are admin:admin123
I launched Caido.
I checked to see if there was an admin login using the set/known creds, and there was. I logged out of that for now.
I created a user account and was taken to an app that appeared to behave a lot like an online trivia/game platform:

Next, following along with both the @_shadowforge__ and @7s26simon write-ups: @shadowforge_ had mentioned that upon login there is a new "Leaderboard" tab. (I believe "new" here means that, for those of us who have been on the BugForge platform for a while, some of the CTFs get rotated a bit, so you might see Tanuki more than once, but the challenge inside the app may be different.) Anyway, both write-ups suggested that the thing to do was click on the "Leaderboard" tab, so I did:

Over in my Caido proxy window, I noticed traffic for "POST /api/fetch", so I highlighted that line, then right-clicked and selected "Send to Replay -> Default Collection":

Next, moving over to the "Replay" tab, I hit the "Send" button so that we have a baseline of what the "Response" looks like:

In the "Request" pane, still in the "Replay" tab, I changed the JSON body (the last line of the request) from:
{
"url":"http://localhost:3000/leaderboard"
}
to:
{
"url":"http://localhost:3000/admin"
}
Now, get ready, because when you hit the red "Send" button, you should see the flag over in the "Response" pane!!!
{
"message": "Admin endpoint accessed",
"flag": "bug{********************************}",
"admin_data": {
"server_version": "1.0.0",
"environment": "production"
}
}
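Why this works: /api/fetch takes a URL from the client, fetches it server-side and hands the body back, so a request for http://localhost:3000/admin is made from the application server itself, where the admin endpoint is reachable. That is the whole SSRF. The block below is an added example, not code from the lab or from the write-ups above; it shows the two ways a practitioner would fix an endpoint like this. The internal base URL, the key names and the sample URLs are assumptions made for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed for this example: the internal service the lab's /api/fetch proxies to.
INTERNAL_BASE = "http://localhost:3000"

# Fix 1 (preferred): the client never supplies a URL, only a key that the server
# maps to a fixed internal resource. "admin" deliberately has no entry.
FETCH_TARGETS = {
    "leaderboard": f"{INTERNAL_BASE}/leaderboard",
}


def resolve_fetch_key(key):
    """Return the internal URL for an allowlisted key, or None for anything else."""
    return FETCH_TARGETS.get(key)


# Fix 2 (only when fetching arbitrary URLs is a genuine requirement): resolve the
# host and refuse anything that is not a public address, failing closed when the
# host cannot be resolved at all.
def target_addresses(host):
    """Return the set of IP addresses a fetch of `host` would actually connect to."""
    try:
        # Literal IPv4/IPv6 address (urlsplit already strips the [] around IPv6).
        return {ipaddress.ip_address(host)}
    except ValueError:
        pass
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return set()
    # sockaddr[0] is the address string; drop any IPv6 scope id such as "%eth0".
    return {ipaddress.ip_address(info[4][0].split("%")[0]) for info in infos}


def is_safe_fetch_url(url):
    """Return (ok, reason). ok is True only for http(s) URLs whose host resolves
    exclusively to public (globally routable) addresses."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    # RFC 6761 reserves localhost and *.localhost for loopback; reject by name so the
    # check does not depend on what the resolver says about them.
    if host == "localhost" or host.endswith(".localhost"):
        return False, "localhost name"
    addrs = target_addresses(host)
    if not addrs:
        return False, "unresolvable host"
    for ip in addrs:
        # is_global is False for loopback, RFC 1918, link-local (169.254/16,
        # which covers cloud metadata services), CGNAT and documentation ranges.
        if not ip.is_global:
            return False, f"non-public address {ip}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs: the lab's two URLs plus the usual SSRF targets.
    for candidate in (
        "http://localhost:3000/leaderboard",
        "http://localhost:3000/admin",
        "http://127.0.0.1:3000/admin",
        "http://[::1]:3000/admin",
        "http://169.254.169.254/latest/meta-data/",
        "file:///etc/passwd",
        "http://93.184.216.34/leaderboard",
    ):
        print(candidate, is_safe_fetch_url(candidate))
    print("leaderboard ->", resolve_fetch_key("leaderboard"))
    print("admin ->", resolve_fetch_key("admin"))
```

Fix 1 is what the lab app should have done: the leaderboard page needs exactly one internal resource, so there is no reason for the client to name it. Fix 2 still has caveats a reviewer should raise: the address must be checked at connect time (otherwise DNS rebinding defeats it), the fetcher must not follow redirects to hosts that would fail the same check, and the HTTP library must parse the host the same way the check does.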

##### End of Report #####


