Day 16: Power Cookie — picoCTF Web Exploitation Writeup
📰 Medium · Cybersecurity
Learn to exploit a web vulnerability by manipulating browser cookies in a picoCTF challenge
Action Steps
- Launch a picoCTF instance for the Power Cookie challenge
- Inspect the website's cookies using browser developer tools
- Manipulate the cookie values to bypass security restrictions
- Use the manipulated cookie to gain unauthorized access to the website
- Analyze the website's code to understand the vulnerability and how to prevent it
Who Needs to Know This
Web developers and security teams can benefit from understanding how to identify and exploit vulnerabilities in web applications, particularly those related to browser cookies.
Key Insight
💡 Browser cookies can be manipulated to bypass security restrictions, highlighting the importance of proper cookie handling and validation in web applications.
Share This
💡 Exploit web vulnerabilities by manipulating browser cookies! #cybersecurity #webexploitation
Key Takeaways
Learn to exploit a web vulnerability by manipulating browser cookies in a picoCTF challenge
Full Article
Title: Day 16: Power Cookie — picoCTF Web Exploitation Writeup
URL Source: https://medium.com/@siyam.exe/day-16-power-cookie-picoctf-web-exploitation-writeup-6465342914a3?source=rss------cybersecurity-5
Published Time: 2026-06-20T13:01:02Z
Markdown Content:
# Day 16: Power Cookie — picoCTF Web Exploitation Writeup | by Siyam | Jun, 2026 | Medium
[Sitemap](https://medium.com/sitemap/sitemap.xml)
[Open in app](https://play.google.com/store/apps/details?id=com.medium.reader&referrer=utm_source%3DmobileNavBar&source=post_page---top_nav_layout_nav-----------------------------------------)
Sign up
[Sign in](https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fmedium.com%2F%40siyam.exe%2Fday-16-power-cookie-picoctf-web-exploitation-writeup-6465342914a3&source=post_page---top_nav_layout_nav-----------------------global_nav------------------)
[](https://medium.com/?source=post_page---top_nav_layout_nav-----------------------------------------)
Get app
[Write](https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fnew-story&source=---top_nav_layout_nav-----------------------new_post_topnav------------------)
[Search](https://medium.com/search?source=post_page---top_nav_layout_nav-----------------------------------------)
Sign up
[Sign in](https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fmedium.com%2F%40siyam.exe%2Fday-16-power-cookie-picoctf-web-exploitation-writeup-6465342914a3&source=post_page---top_nav_layout_nav-----------------------global_nav------------------)

# Day 16: Power Cookie — picoCTF Web Exploitation Writeup
[](https://medium.com/@siyam.exe?source=post_page---byline--6465342914a3---------------------------------------)
[Siyam](https://medium.com/@siyam.exe?source=post_page---byline--6465342914a3---------------------------------------)
Follow
4 min read
·
1 hour ago
[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2F6465342914a3&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40siyam.exe%2Fday-16-power-cookie-picoctf-web-exploitation-writeup-6465342914a3&user=Siyam&userId=49bb994c9ff7&source=---header_actions--6465342914a3---------------------clap_footer------------------)
[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Frepost%2Fp%2F6465342914a3&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40siyam.exe%2Fday-16-power-cookie-picoctf-web-exploitation-writeup-6465342914a3&user=Siyam&userId=49bb994c9ff7&source=---header_actions--6465342914a3---------------------repost_header------------------)
[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F6465342914a3&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40siyam.exe%2Fday-16-power-cookie-picoctf-web-exploitation-writeup-6465342914a3&source=---header_actions--6465342914a3---------------------bookmark_footer------------------)
[Listen](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2Fplans%3Fdimension%3Dpost_audio_button%26postId%3D6465342914a3&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40siyam.exe%2Fday-16-power-cookie-picoctf-web-exploitation-writeup-6465342914a3&source=---header_actions--6465342914a3---------------------post_audio_button------------------)
Share
A simple picoCTF web challenge where the website trusted a browser cookie a little too much.
Today marks the start of the web category.
We are starting with **Power Cookie** from picoCTF, or CyLab if we want to sound like we read the official branding properly.
Press enter or click to view image in full size

The challenge did not give much explanation.
It simply asked me to launch an instance and visit the websi
URL Source: https://medium.com/@siyam.exe/day-16-power-cookie-picoctf-web-exploitation-writeup-6465342914a3?source=rss------cybersecurity-5
Published Time: 2026-06-20T13:01:02Z
Markdown Content:
# Day 16: Power Cookie — picoCTF Web Exploitation Writeup | by Siyam | Jun, 2026 | Medium
[Sitemap](https://medium.com/sitemap/sitemap.xml)
[Open in app](https://play.google.com/store/apps/details?id=com.medium.reader&referrer=utm_source%3DmobileNavBar&source=post_page---top_nav_layout_nav-----------------------------------------)
Sign up
[Sign in](https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fmedium.com%2F%40siyam.exe%2Fday-16-power-cookie-picoctf-web-exploitation-writeup-6465342914a3&source=post_page---top_nav_layout_nav-----------------------global_nav------------------)
[](https://medium.com/?source=post_page---top_nav_layout_nav-----------------------------------------)
Get app
[Write](https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fnew-story&source=---top_nav_layout_nav-----------------------new_post_topnav------------------)
[Search](https://medium.com/search?source=post_page---top_nav_layout_nav-----------------------------------------)
Sign up
[Sign in](https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fmedium.com%2F%40siyam.exe%2Fday-16-power-cookie-picoctf-web-exploitation-writeup-6465342914a3&source=post_page---top_nav_layout_nav-----------------------global_nav------------------)

# Day 16: Power Cookie — picoCTF Web Exploitation Writeup
[](https://medium.com/@siyam.exe?source=post_page---byline--6465342914a3---------------------------------------)
[Siyam](https://medium.com/@siyam.exe?source=post_page---byline--6465342914a3---------------------------------------)
Follow
4 min read
·
1 hour ago
[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2F6465342914a3&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40siyam.exe%2Fday-16-power-cookie-picoctf-web-exploitation-writeup-6465342914a3&user=Siyam&userId=49bb994c9ff7&source=---header_actions--6465342914a3---------------------clap_footer------------------)
[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Frepost%2Fp%2F6465342914a3&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40siyam.exe%2Fday-16-power-cookie-picoctf-web-exploitation-writeup-6465342914a3&user=Siyam&userId=49bb994c9ff7&source=---header_actions--6465342914a3---------------------repost_header------------------)
[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F6465342914a3&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40siyam.exe%2Fday-16-power-cookie-picoctf-web-exploitation-writeup-6465342914a3&source=---header_actions--6465342914a3---------------------bookmark_footer------------------)
[Listen](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2Fplans%3Fdimension%3Dpost_audio_button%26postId%3D6465342914a3&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40siyam.exe%2Fday-16-power-cookie-picoctf-web-exploitation-writeup-6465342914a3&source=---header_actions--6465342914a3---------------------post_audio_button------------------)
Share
A simple picoCTF web challenge where the website trusted a browser cookie a little too much.
Today marks the start of the web category.
We are starting with **Power Cookie** from picoCTF, or CyLab if we want to sound like we read the official branding properly.
Press enter or click to view image in full size

The challenge did not give much explanation.
It simply asked me to launch an instance and visit the websi
DeepCamp AI