Client-State Manipulation

Vast majority of these are going to be related to injections and we will talk about later.

That doesn't mean there won't be password reset vulns.

As a near general rule, you will not bruteforce logins during CTFs, so don't do it without permission from organizers. If you are bruteforcing, you are likely wrong.