Hidden Report | CyberStart Completion

Hidden Report


One of the ways we’ve been investigating the gang and their bike shop is by actually buying products from them online. We’ve spotted a piece of functionality that we think might be exploitable, allowing us to get more information on other customers (some of which we think might actually be helping them with their plans to steal the eBikes).

Have a look at our account page on the site, it allows you to generate a report of your transactions. See if you can find a way to view a transaction report for the very first user of the site.

Tip: Find the report for the first user of the site and you’ll get the flag.


Try creating your report first. Is there anything about the URL you could potentially change to see other users reports?

How to Solve:

  1. Click on Generate Report
  2. Up in the URL, change transactions-user-#.txt to transactions-user-1.txt