/request endpoint from which we are able to submit a URL.
Learn about URL's First is returned.
Please dont try to heck me sir... is returned. This was blacklist-based, as pretty much every site was allowed except for
localhost and anything containing the numbers
url=http://0220.127.116.11:9006/&sub=sub. In most cases,
018.104.22.168 will resolve to
127.0.0.1. We can even see this behaviour in Chrome:
Content-Length header. Not Found (404) pages would have the same content length, so a different content length indicates that the page exists.
/request endpoint. This means that the page at port 8080 is the same as the public challenge site.
http://022.214.171.124:9006/ did not give us anything meaningful, but a redirection through our PHP server revealed the flag in one of the headers.
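The string blacklist described above fails because it inspects the text of the URL instead of the address the request will reach. The following is an added example, not code from the challenge or the original write-up: a check that normalises legacy numeric host forms and rejects any destination that is not publicly routable. The names parse_legacy_ipv4, is_safe_url, stub_resolver and SAMPLE_DNS, and the sample hosts, are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def parse_legacy_ipv4(host):
    """inet_aton-style parse: 1-4 dot-separated parts, each decimal, octal
    (leading 0) or hex (0x); the last part fills the remaining bytes."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    nums = []
    for p in parts:
        if not (p.isascii() and p.isalnum()):
            return None
        base = 16 if p.lower().startswith("0x") else 8 if p[0] == "0" and len(p) > 1 else 10
        try:
            nums.append(int(p, base))
        except ValueError:
            return None  # not numeric: treat as a hostname instead
    *head, last = nums
    if any(n > 0xFF for n in head) or last >= 256 ** (4 - len(head)):
        return None
    for i, n in enumerate(head):
        last |= n << (8 * (3 - i))
    return ipaddress.IPv4Address(last)

def resolve(host):  # default resolver (real DNS); pass a stub to run offline
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_safe_url(url, resolver=resolve):
    """True only if every address the host maps to is publicly routable."""
    try:
        parts = urlsplit(url)
        host = parts.hostname or ""
        if parts.scheme not in ("http", "https") or not host:
            return False
        ip = parse_legacy_ipv4(host)
        addrs = [ip] if ip is not None else [ipaddress.ip_address(a) for a in resolver(host)]
    except (OSError, ValueError):
        return False
    for ip in addrs:
        ip = getattr(ip, "ipv4_mapped", None) or ip  # unwrap ::ffff:a.b.c.d
        if not ip.is_global or ip.is_multicast:
            return False
    return bool(addrs)  # an unresolvable host is rejected, not allowed

# Constructed sample data: a stub resolver so the example runs offline.
SAMPLE_DNS = {"localhost": ["127.0.0.1"], "public.example": ["8.8.8.8"],
              "mixed.example": ["8.8.8.8", "10.0.0.5"]}
stub_resolver = lambda host: SAMPLE_DNS.get(host, [])
```

Because the flag in this write-up was reached through a redirect, the same check has to run on every hop, with automatic redirect following disabled in the HTTP client. The request should also connect to the address that was validated rather than resolving the name a second time.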