Official ArtificialUniversity Discussion

Official discussion thread for ArtificialUniversity. Please do not post any spoilers or big hints.

Oh God!!! Was absolutely insane!!!

Once you can reach the curl you are almost done! :smiley:

Need a hint on how to get to curl? I have XSS on a PDF, how do I get to the right context?

How did you get XSS on the PDF? I have tried different things but the Python fpdf just doesn't seem vulnerable to XSS.

Maybe look for the vulnerability somewhere else. Where is it displayed?

Okay, got RCE and I know it did work since I am running locally, but then when I change my payload, it still runs my old payload and doesn't "accept" my new payload, which seems weird. Could there be any reason for this?

Anybody here? Stuck after XSS in PDF.

Gopher doesn't seem to work with HTTP/2. From Wireshark I see there is a random sequence after the first request and we need to repeat that, or the gRPC server won't reply. I'm stuck here.

Well, for some versions of curl a null byte is not allowed, so remember to test curl on your Docker machine, or install the same version. Besides, using gopher you won't be able to complete the entire TCP stream because, as I said before, we need a reply, which we can't manipulate in gopher, but if you generate the correct stream, the code is executed in the background although you can't see it.