Last weekend I participated in a capture-the-flag event sponsored by Bishop Fox and run by students at BYU. Following the event I decided that it may be fun to try and crack the scoring software itself – so I've written up the process here to explain how I put the exploit together.

---

Although spoofing client-side authentication tokens is nothing new (and the targeted framework in this case isn't a widespread one like Rails or something similar), this exercise serves as a good, very simple...