I am working on:
Explore the web application to identify other fields/forms that only apply front-end validation, and try to find one that suffers from ‘Validation Logic Disparity’.
Then, after abusing it to obtain UNLIMITED cubes, unlock the “Intro to Academy” module and submit the flag in the first section.
How do we see the front-end validation?
How do we see the back-end validation?
In the source code I saw that if a user logs in with an @hackthebox.com email they get UNLIMITED, but we are not allowed to change the email in profile settings:

Code from users-controllers.js:

```js
// disable registering with @hackthebox.com domain
if (email.endsWith("@hackthebox.com")) {
  return next({
    message: "Registration with @hackthebox.com email is not allowed.",
    statusCode: 422,
  });
}
```
Also, there is no way to add a credit card to get a purchase-subscription HTTP request.
Can someone help me with this?