Official discussion thread for CDNio. Please do not post any spoilers or big hints.
Any hints?
Hey, have you solved this one yet? If so, would you mind sharing a hint? I’m stuck and feel like I’m right there.
smh… needed curl not BurpSuite… Or I was using Burp wrong
Very nice and easy challenge, kudos to the author. The biggest hint is probably present in the challenge description, then you just have to read sources available with the challenge and it is straightforward.
If you get stuck feel free to DM me for more hints/help.
Learned a new cool technique. Good and easy challenge
Here is the web cache deception attack. There is a need to make the bot “visit” the profile… But how?
And I tried everything, but still I got either “Missing token” or “Invalid token” errors
I’ve got the link to send, but when I attempt to go to the link I don’t get the flag. Can anyone DM for help?
Finally, I got the flag. The problem was how the link itself was constructed: when I sent a request, the bot visited it and it was cached by a server, but when I made the next request to get the flag, I got either “Missing token” or “Invalid token”, because the bot had visited and an error page was cached. The key elements in the source code are:
1. nginx.conf:
location ~* .(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
2. /main/routes.py:
if re.match(r'.*^profile', subpath): # Django perfection
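The two lines quoted in the last post can be checked together to see why the route and the cache disagree about what a "static" URL is. This is an added example, not part of any post or of the challenge source. It assumes `subpath` carries no leading slash; the helper names, the sample paths and both hardened variants are hypothetical.

```python
import re

# Cache rule as quoted in the post (nginx "~*" = case-insensitive regex match).
CACHE_RE = re.compile(
    r".(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$", re.IGNORECASE)

def is_profile_quoted(subpath):
    # Check as quoted from routes.py. Without re.MULTILINE, '^' matches only at
    # offset 0, so '.*^profile' is a prefix test: anything starting with "profile".
    return re.match(r".*^profile", subpath) is not None

def is_profile_exact(subpath):
    # Assumed hardening: accept the route name and nothing else.
    return subpath == "profile"

def cache_by_extension(subpath, headers):
    # Behaviour implied by the quoted location block: the URL alone decides.
    return CACHE_RE.search("/" + subpath) is not None

def cache_respecting_origin(subpath, headers):
    # Assumed hardening: also refuse responses the origin marks as per-user.
    cc = headers.get("Cache-Control", "").lower()
    private = any(d in cc for d in ("private", "no-store"))
    return cache_by_extension(subpath, headers) and not private

def audit(paths, is_profile, may_cache):
    """Return paths that reach the per-user handler AND would be cached."""
    per_user = {"Cache-Control": "private, no-store"}  # what a profile view should send
    return [p for p in paths if is_profile(p) and may_cache(p, per_user)]

# Constructed sample paths (hypothetical, not taken from the challenge).
SAMPLES = ["profile", "profile.css", "profile/x.png", "static/app.js", "profiles"]

if __name__ == "__main__":
    print("quoted config :", audit(SAMPLES, is_profile_quoted, cache_by_extension))
    print("exact route   :", audit(SAMPLES, is_profile_exact, cache_by_extension))
    print("origin-aware  :", audit(SAMPLES, is_profile_quoted, cache_respecting_origin))
```

Either fix on its own empties the audit list: an exact route match stops per-user content from being served under a static-looking URL, and an origin-aware cache refuses to store it even when the URL matches.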