Day 16: Power Cookie — picoCTF Web Exploitation Writeup

📰 Medium · Cybersecurity

Learn to exploit a web vulnerability by manipulating browser cookies in a picoCTF challenge

intermediate Published 20 Jun 2026
Action Steps
  1. Launch a picoCTF instance for the Power Cookie challenge
  2. Inspect the website's cookies using browser developer tools
  3. Manipulate the cookie values to bypass security restrictions
  4. Use the manipulated cookie to gain unauthorized access to the website
  5. Analyze the website's code to understand the vulnerability and how to prevent it
Who Needs to Know This

Web developers and security teams can benefit from understanding how to identify and exploit vulnerabilities in web applications, particularly those related to browser cookies.

Key Insight

💡 Browser cookies can be manipulated to bypass security restrictions, highlighting the importance of proper cookie handling and validation in web applications.

Share This
💡 Exploit web vulnerabilities by manipulating browser cookies! #cybersecurity #webexploitation

Key Takeaways

Learn to exploit a web vulnerability by manipulating browser cookies in a picoCTF challenge

Full Article

Title: Day 16: Power Cookie — picoCTF Web Exploitation Writeup

URL Source: https://medium.com/@siyam.exe/day-16-power-cookie-picoctf-web-exploitation-writeup-6465342914a3?source=rss------cybersecurity-5

Published Time: 2026-06-20T13:01:02Z

Markdown Content:
# Day 16: Power Cookie — picoCTF Web Exploitation Writeup | by Siyam | Jun, 2026 | Medium

[Sitemap](https://medium.com/sitemap/sitemap.xml)

[Open in app](https://play.google.com/store/apps/details?id=com.medium.reader&referrer=utm_source%3DmobileNavBar&source=post_page---top_nav_layout_nav-----------------------------------------)

Sign up

[Sign in](https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fmedium.com%2F%40siyam.exe%2Fday-16-power-cookie-picoctf-web-exploitation-writeup-6465342914a3&source=post_page---top_nav_layout_nav-----------------------global_nav------------------)

[](https://medium.com/?source=post_page---top_nav_layout_nav-----------------------------------------)

Get app

[Write](https://medium.com/m/signin?operation=register&redirect=https%3A%2F%2Fmedium.com%2Fnew-story&source=---top_nav_layout_nav-----------------------new_post_topnav------------------)

[Search](https://medium.com/search?source=post_page---top_nav_layout_nav-----------------------------------------)

Sign up

[Sign in](https://medium.com/m/signin?operation=login&redirect=https%3A%2F%2Fmedium.com%2F%40siyam.exe%2Fday-16-power-cookie-picoctf-web-exploitation-writeup-6465342914a3&source=post_page---top_nav_layout_nav-----------------------global_nav------------------)

![Image 1: Unknown user](https://miro.medium.com/v2/resize:fill:32:32/1*dmbNkD5D-u45r44go_cf0g.png)

# Day 16: Power Cookie — picoCTF Web Exploitation Writeup

[![Image 2: Siyam](https://miro.medium.com/v2/resize:fill:32:32/1*bzg7jpL1UQ7eRT3tX2r0XQ.jpeg)](https://medium.com/@siyam.exe?source=post_page---byline--6465342914a3---------------------------------------)

[Siyam](https://medium.com/@siyam.exe?source=post_page---byline--6465342914a3---------------------------------------)

Follow

4 min read

·

1 hour ago

[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fvote%2Fp%2F6465342914a3&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40siyam.exe%2Fday-16-power-cookie-picoctf-web-exploitation-writeup-6465342914a3&user=Siyam&userId=49bb994c9ff7&source=---header_actions--6465342914a3---------------------clap_footer------------------)

[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Frepost%2Fp%2F6465342914a3&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40siyam.exe%2Fday-16-power-cookie-picoctf-web-exploitation-writeup-6465342914a3&user=Siyam&userId=49bb994c9ff7&source=---header_actions--6465342914a3---------------------repost_header------------------)

[](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2F_%2Fbookmark%2Fp%2F6465342914a3&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40siyam.exe%2Fday-16-power-cookie-picoctf-web-exploitation-writeup-6465342914a3&source=---header_actions--6465342914a3---------------------bookmark_footer------------------)

[Listen](https://medium.com/m/signin?actionUrl=https%3A%2F%2Fmedium.com%2Fplans%3Fdimension%3Dpost_audio_button%26postId%3D6465342914a3&operation=register&redirect=https%3A%2F%2Fmedium.com%2F%40siyam.exe%2Fday-16-power-cookie-picoctf-web-exploitation-writeup-6465342914a3&source=---header_actions--6465342914a3---------------------post_audio_button------------------)

Share

A simple picoCTF web challenge where the website trusted a browser cookie a little too much.

Today marks the start of the web category.

We are starting with **Power Cookie** from picoCTF, or CyLab if we want to sound like we read the official branding properly.

Press enter or click to view image in full size

![Image 3](https://miro.medium.com/v2/resize:fit:700/1*1HVcKXuNDyc3QqH5xcKdnw.png)

The challenge did not give much explanation.

It simply asked me to launch an instance and visit the websi
Read full article → ← Back to Reads

Related Videos

Best VPN for Mac 2026 — Top 3 Tested and Which ONE Wins
Best VPN for Mac 2026 — Top 3 Tested and Which ONE Wins
Tutorial Stack
What is DevSecOps Explained with Examples
What is DevSecOps Explained with Examples
VLR Software Training
What is Post Quantum Cryptography Explained with Examples
What is Post Quantum Cryptography Explained with Examples
VLR Software Training
What is Biometric Authentication Explained with Examples
What is Biometric Authentication Explained with Examples
VLR Software Training
What is Passkeys Explained with Examples
What is Passkeys Explained with Examples
VLR Software Training
What is reCAPTCHA v3  Explained with Examples
What is reCAPTCHA v3 Explained with Examples
VLR Software Training