TravelEndpoint

This challenge immerses participants in a simulated booking API environment, testing their ability to discover and exploit authorisation flaws and misconfigurations. Participants will navigate real-world API security scenarios, including unauthorised data access and privilege escalation. They will work towards uncovering the hidden flag by strategically analysing API requests, understanding the backend logic, and chaining multiple vulnerabilities. The challenge emphasises critical thinking and a hands-on approach to API security assessment, requiring precision and creativity to bypass protections and achieve the final objective.