Challenge Description

"There's this new dating app called 'Valenfind' that just popped up out of nowhere. I hear the creator only learned to code this year; surely this must be vibe-coded. Can you exploit it?"

Table of Contents

  1. Reconnaissance

  2. Initial Access

  3. Vulnerability Discovery

  4. Exploitation

  5. Flag Retrieval

  6. Mitigation Recommendations

Reconnaissance

Step 1: Initial Application Enumeration

First, we probe the target application to understand its structure and technology stack.

curl -i http://10.82.147.111:5000

Response Analysis:

HTTP/1.1 200 OK
Server: Werkzeug/3.0.1 Python/3.12.3
Date: Fri, 13 Feb 2026 16:09:05 GMT
Content-Type: text/html; charset=utf-8

Key Findings:

  • Flask web application (Werkzeug server)

  • Python 3.12.3

  • Standard dating app interface with registration/login functionality

Step 2: Exploring Available Routes

# Check registration page
curl -i http://10.82.147.111:5000/register

# Check login page
curl -i http://10.82.147.111:5000/login

Discovered Routes:

  • / - Homepage

  • /register - User registration

  • /login - User authentication

  • /dashboard - User profiles (requires authentication)

  • /my_profile - User profile management

  • /complete_profile - Profile completion

🔐 PREMIUM WRITEUP - MEMBERSHIP REQUIRED

🌟 Get Instant Access

Unlock the complete step-by-step solution, techniques used, notes, and exclusive insights by becoming a member.

Membership

Why Go Premium?

  • Early access to full detailed writeups

  • Passwords for active CTF solutions

  • Advanced exploitation techniques

Upgrade once - unlock everything instantly.

💬 Need help while solving?

I’ve got your back - reach out anytime:
Email: [email protected]

Keep hacking, keep learning, keep winning. 🎯

Keep Reading

© 2026 Andrés.
Report abusePrivacy policyTerms of use
beehiivPowered by beehiiv