Can someone give me a hint to bypass localcheck? I tried to add various headers to the P*** method but none of them work.
edited: nah, I found it (removing because of hints)
My brains! It took so long to sort out this box… Thanks for the tips above.
I'm having this exact same problem. I am getting the right type of request sent to the right endpoint but I get an exception raised due to req.socket.remoteAddress being undefined during the IP check.
Did anyone else run into this? How did you solve it?
Update: Never mind, figured it out! Great challenge, I learned a ton along the way.
Hi, I am stuck at re*******ess is undefined, how can I bypass it?
I just realized how to finish this box and I want to give a little clue:
Focus on the register function, but not directly.
I'm going crazy here! I know how to get the login working, I just need to be able to bypass the localhost check. I have a few theories, but so far none have worked. Can somebody give me a hint? Is it through proto-p? Req smuggle?
Hey guys just completed the challenge
{got some help from discord}
Well HINT: Look at the source code of js files carefully
1 > Check the weather for different city and notice what is happening
2 > IMP : Divorces are bad but we kinda need them
3 > Keeping distance is the key
Smuggling is bad {KEEP THE DISTAnCE}
Synonym for Separating
Hello, I send a POST request with the right endpoint but it tells me {error:Couldn't find Dallas or Us}, which are the city name and country. Any help?
I'm trying to work on bypassing localhost checking on /rr. Is SF on /a/w***r the way to go? Seems like the wrong type of request…
Your comments have just confused me more
I am also facing the issue where the socket IP is somehow undefined. Tried many headers but it does not seem to work… Can anyone provide me with a nudge?
That really was harder than I thought, still stuck, some hints guys.
What I already found:
SQL injection vulnerability in the /register POST endpoint.
I think there is also some way to exploit the weather helper too, but I have no idea how. Sending requests? Injecting something into the URL?
HELPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP
For those who are having the "undefined" problem:
Not every character is accepted.
Try to run a proof of concept on your machine and enter your query there.
Also, 2 is not a limit. There can be more.
Hope this helps.
Hi. I'm stuck with endpoint line.
I got a feeling that I'm almost there.
Anyone can nudge me in the right direction?
Thanks.
I am new to challenges. I have downloaded the file but am not able to figure out what to do…
I've been working on this challenge for a few days now and I'm stuck.
Any help would be appreciated!
Just solved it, not without help. My main mistake was my own lack of attention, so here's some advice for anyone stuck: look very closely at everything you've downloaded and try to find some curious things. I've found eight or maybe even twelve of them. Good luck!