CSCAMP 2014 CTF | Writeup: web - 7amama Book

We can see the description first:

Description:

7amamaBook is a social media website where people can sign up and share with each other. It has a bug bounty program and you found a bug and reported it but they refuse to pay you so you want to give them a payback by hacking it.

Then I open the webpage (http://178.63.58.69:8082/bounty.php) and find that the web manager has posted something like this:

We don’t pay for CSRF vulnerability.

OK, there must be a CSRF vulnerability on this website. Let’s hack it!
I register an account, test233, first. Then I use this account to log in to the website.
When I view the source of the homepage, I find a link: http://178.63.58.69:8082/settings.php
This page has nothing to defend against a CSRF attack, so we can change anyone’s password.
I also find another very important link: http://178.63.58.69:8082/profile.php?user=7atata
Sorry, you can’t view this post.
This post’s privacy is set to “Only me”

This reminds us to update the password of the user 7atata.

Then, when we get to that page, we find the flag there.
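
From the defender's side, this is the check that the password-change page at settings.php was missing. The code is an added example, not the challenge's own source: the field names (`csrf`, `current_password`, `new_password`), the session array and the `$users` store are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example: hardened password-change handler. Field names, session keys
// and the $users store are assumptions, not taken from the challenge.

// Issue one random token per session; the settings form embeds it as a hidden field.
function csrf_token(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Returns [HTTP status, message]; the password changes only if every check passes.
function change_password(array &$session, array $post, array &$users): array
{
    $user = $session['user'] ?? null;
    if ($user === null || !isset($users[$user])) {
        return [401, 'not logged in'];
    }
    // A cross-site form cannot read the session's token, so it is rejected here.
    $sent = $post['csrf'] ?? '';
    if (!is_string($sent) || empty($session['csrf']) || !hash_equals($session['csrf'], $sent)) {
        return [403, 'missing or invalid CSRF token'];
    }
    // Second barrier: a credential change requires the current password.
    if (!password_verify((string)($post['current_password'] ?? ''), $users[$user])) {
        return [403, 'current password incorrect'];
    }
    $new = (string)($post['new_password'] ?? '');
    if (strlen($new) < 8) {
        return [400, 'new password too short'];
    }
    $users[$user] = password_hash($new, PASSWORD_DEFAULT);
    unset($session['csrf']); // rotate the token after a sensitive change
    return [200, 'password changed'];
}

// Constructed sample data: one user and a logged-in session.
$users   = ['alice' => password_hash('old-secret-1', PASSWORD_DEFAULT)];
$session = ['user' => 'alice'];
$token   = csrf_token($session);

// Request without the token (what a cross-site form would send), then the site's own form.
$forged = change_password($session, ['new_password' => 'another-pw-1'], $users);
$legit  = change_password($session,
    ['csrf' => $token, 'current_password' => 'old-secret-1', 'new_password' => 'new-secret-2'], $users);
printf("forged: %d %s\nlegit: %d %s\n", $forged[0], $forged[1], $legit[0], $legit[1]);
```

Setting the session cookie with `SameSite=Lax` or `Strict` is a further layer on top of the token, since the browser then withholds the cookie from cross-site POSTs.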
