Back to Hub

Level 02 - Training Admin Panel

Category: Web logic, Authorization | Difficulty: Easy

An authorization check in a training admin endpoint is intentionally weak.

What participants receive: API endpoint GET /api/level02

Objective: Obtain the admin-only response and recover the level flag.

curl https://ctf-trpl-wbi.vercel.app/api/level02
curl -X POST https://ctf-trpl-wbi.vercel.app/api/level02 \
  -H "content-type: application/json" \
  -d '{"campusRole":"<your-role>"}'