This service is related to Next.js.

// globalVars.js
const globalVars = {
  TITLE: "My First App!",
  SECRET: "here is my secret: https://www.youtube.com/watch?v=jIQ6UV2onyI",
  FLAG: "FLAGFLAGFLAG",
};

export default globalVars;

I can see a fake flag and a SECRET with a link. I opened it, but there was no important information there. Let's look around more.

// index.js
import Head from 'next/head'
import Image from 'next/image'
import styles from '../styles/Home.module.css'
import globalVars from '../utils/globalVars'

export default function Home() {
  return (
    <div className={styles.container}>
      <Head>
        <title>Create Next App</title>
        <meta name="description" content="Generated by create next app" />
        <link rel="icon" href="/favicon.ico" />
      </Head>

      <main className={styles.main}>
        <h1 className={styles.title}>
          Welcome to <a href="#">{globalVars.TITLE}</a>
        </h1>

        <p className={styles.description}>
          Get started by editing{' '}
          <code className={styles.code}>pages/index.js</code>
        </p>

        <div className={styles.grid}>
          <a href="https://nextjs.org/docs" className={styles.card}>
            <h2>Documentation →</h2>
            <p>Find in-depth information about Next.js features and API.</p>
          </a>

          <a href="https://nextjs.org/learn" className={styles.card}>
            <h2>Learn →</h2>
            <p>Learn about Next.js in an interactive course with quizzes!</p>
          </a>

          <a
            href="https://github.com/vercel/next.js/tree/canary/examples"
            className={styles.card}
          >
            <h2>Examples →</h2>
            <p>Discover and deploy boilerplate example Next.js projects.</p>
          </a>

          <a
            href="https://vercel.com/new?utm_source=create-next-app&utm_medium=default-template&utm_campaign=create-next-app"
            className={styles.card}
          >
            <h2>Deploy →</h2>
            <p>
              Instantly deploy your Next.js site to a public URL with Vercel.
            </p>
          </a>
        </div>
      </main>

      <footer className={styles.footer}>
        <a
          href="https://vercel.com?utm_source=create-next-app&utm_medium=default-template&utm_campaign=create-next-app"
          target="_blank"
          rel="noopener noreferrer"
        >
          Powered by{' '}
          <span className={styles.logo}>
            <Image src="/vercel.svg" alt="Vercel Logo" width={72} height={16} />
          </span>
        </a>
      </footer>
    </div>
  )
}

This file only uses the "globalVars" variable, so I thought this was the only way I could exploit it. But there is no code related to "globalVars.flag", so I searched the client side.
I could find many scripts. I searched for the word "balsn" in all of them.
Flag
BALSN{hybrid_frontend_and_api}
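
The flag turned up in the client-side scripts because `pages/index.js` imports the whole `globalVars` object, so every field of it is shipped to the browser, not only `TITLE`. The following build-time check is an added example, not part of the original write-up or the challenge code: it scans built client chunks for values that must stay server-side. The directory layout, file names and secret values in it are constructed for the demonstration.

```javascript
const fs = require("fs");
const os = require("os");
const path = require("path");

// Recursively collect every .js file under dir.
function listScripts(dir) {
  return fs.readdirSync(dir, { withFileTypes: true }).flatMap((entry) => {
    const full = path.join(dir, entry.name);
    if (entry.isDirectory()) return listScripts(full);
    return entry.name.endsWith(".js") ? [full] : [];
  });
}

// Return [{ file, name }] for each secret whose value appears in a client script.
function findLeaks(buildDir, secrets) {
  const leaks = [];
  for (const file of listScripts(buildDir)) {
    const text = fs.readFileSync(file, "utf8");
    for (const [name, value] of Object.entries(secrets)) {
      // Skip empty values: "" is a substring of every file.
      if (value && text.includes(value)) {
        leaks.push({ file: path.relative(buildDir, file), name });
      }
    }
  }
  return leaks;
}

// Constructed sample: a stand-in for a client build output directory, where
// the page chunk has inlined the whole imported object (as with globalVars).
function makeSampleBuild() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "static-"));
  const pages = path.join(root, "chunks", "pages");
  fs.mkdirSync(pages, { recursive: true });
  fs.writeFileSync(
    path.join(pages, "index-abc123.js"),
    'const o={TITLE:"My First App!",SECRET:"s3cr3t",FLAG:"CONSTRUCTED{not_a_real_flag}"};'
  );
  fs.writeFileSync(path.join(root, "chunks", "main-def456.js"), 'console.log("hydrate")');
  return root;
}

// Demo run: FLAG is reported, API_KEY (never bundled) is not.
const sampleSecrets = { FLAG: "CONSTRUCTED{not_a_real_flag}", API_KEY: "k-000" };
for (const leak of findLeaks(makeSampleBuild(), sampleSecrets)) {
  console.log(`${leak.name} found in client script ${leak.file}`);
}
```

For a real Next.js project, point `findLeaks` at the build's `.next/static` directory and fail the CI job when it returns any entries.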