I created a paste-sharing site the other day. Since client-side is faster, I decided to retrieve the entire database and store it client-side. No one should be able to see it, right? Prove me wrong by finding the admin password.
What's wrong with storing things on the client's browser?
Since the "database" of users is stored client-side, you can read it directly in the page source:
var users = [
  { username: "admin", password: "easyctf{cr4zy_p4ssw0rds}" },
  { username: "tom", password: "easyctf{9et_r3kt}" },
  { username: "becky", password: "easyctf{w0w_so_s3cure}" }
];
The flag is the password of the admin user, or easyctf{cr4zy_p4ssw0rds}.
easyctf{cr4zy_p4ssw0rds}
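The corrected form of the pattern above, as an added example that is not part of the original challenge or writeup: the user table stays on the server, holds salted scrypt hashes instead of passwords, and the browser only ever receives a yes/no answer. Node.js is assumed, and the usernames, passphrases and function names (`hashPassword`, `verifyLogin`, `loginResponse`) are constructed for illustration.

```javascript
// Added example: server-side credential check (Node.js, built-in crypto only).
const crypto = require("crypto");

// Derive a salted scrypt hash; the stored value is "salt:hash", never the password.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const hash = crypto.scryptSync(password, salt, 32);
  return salt.toString("hex") + ":" + hash.toString("hex");
}

// Constructed sample records standing in for a server-side user table.
// In the challenge, the equivalent array was shipped to every visitor in plaintext.
const users = new Map([
  ["admin", hashPassword("constructed-admin-passphrase")],
  ["tom", hashPassword("constructed-tom-passphrase")],
]);

// Dummy record so a lookup for an unknown username does the same amount of work.
const DUMMY = hashPassword("unused");

function verifyLogin(username, password) {
  const record = users.get(username) || DUMMY;
  const [saltHex, hashHex] = record.split(":");
  const expected = Buffer.from(hashHex, "hex");
  const actual = crypto.scryptSync(
    String(password),
    Buffer.from(saltHex, "hex"),
    expected.length
  );
  // Constant-time comparison; unknown users fail even if the dummy hash matches.
  const match = crypto.timingSafeEqual(actual, expected);
  return match && users.has(username);
}

// The only thing the login endpoint sends back: no user list, no hashes.
function loginResponse(username, password) {
  return JSON.stringify({ ok: verifyLogin(username, password) });
}
```

Viewing the page source in this design shows only the login form and the request it sends, because the comparison happens where the visitor cannot read it.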