What is CTFLearn? CTFLearn is a jeopardy-style CTF where points are received after solving the problems and gaining the flag. The player with highest number of points is on top of the leader-board. However, unlike other CTFs where a party makes the question and players solve it, CTFLearn allows you to post your own questions too. What was the vulnerability? The edit functionality in the application allows the problem creator to edit the problem. If an user tries to edit a problem that he doesn't own then he will be redirected to the view problem functionality. However, in the redirection HTTP response, the body of edit problem functionality is thrown. Hence, the edit problem functionality discloses the flag when accessed by user who didn't create the problem. I will go into details of this on the upcoming parts. This was an information disclosure vulnerability caused due to broken access control. What was the impact? The flag was being disclosed which means tha...