1  Category: #Web 
 2  Rated Difficulty: #VeryEasy 
 3  Personal Difficulty: #Medium 
 4  
 5  This one is really interesting.
 6  
 7  Initially spent a crazy amount of time trying to find a way to make [[Cross-Site Scripting (XSS)]] work on the description section of the transfer page.
 8  
 9  Did some googling and realised that the vulnerability is with the versionings. */api/v1/transactions/download-transactions* allow you to include the user's id and get their transaction. This is considered an [[Web Attacks#Insecure Direct Object Reference(IDOR)]]
10  
11  Used the transaction page to get the id of the *neo_system* and got its transaction history. Found user named *user_with_flag*, sent it money and find its id at the transaction page and used its id at */api/v1/transactions/download-transactions* to get the flag