Big Transfer | CyberStart Completion

Big Transfer


Agent, we’ve just intercepted a message between two of The Choppers talking about how they intend to steal money from the bank account of a different competitor to fund their plans.

It said they’ve found a weakness in the money transfer tool on the Global Bank website. We’ve just successfully put through a test transfer, can you prove it’s vulnerable by transferring 1000 to a bank account called cpatestreceiver from cpatestsender.

Tip: Sometimes URLs can be manipulated to bypass security.


Did you notice the URL on the successful transfer page? I wonder what would happen if you changed the parameters and submitted it again?

How to Solve:

  1. Change the details in the URL as follows:
    1. amount=100
    2. from=cpatestsender
    3. to=cpatestreciever
  2. The URL should look like this:
  3. Enter the new URL into the builtin address bar to get the flag.