Mirage Track

Level 28 → Level 29

Cross-Origin Trust
850 pts+100 first-blood bonus

Objective

Vaultline. Two directions of browser trust — forge the request, then read the response (CSRF + CORS).

How to play

Open the target in your browser, find the flaw, and exploit it. On success the page reveals the login for the next level — that password is this level's flag. Submit it on the track page (or /submit) to bank the points.

Target

Log in as l28 with the password you captured on the previous level, then:
https://mirage-l28.breachlab.org
Open target ↗
🩸
First Blood captured by
ACTIVE RECORD