Web challenge: Saturn

I’ve been stuck on this challenge for more than I’m willing to admit, any hint?

I'm a little lost too. I found the flag.txt in the challenge directory; I doubt it's that easy. I've never done the challenges before.

After a couple of hours I completed it, DM me if you want a hint.
The goal of the challenge is to exploit the remote instance. The source code is given to you in order to find the vulnerability and for exploit testing purposes, the local flag is obviously fake.


I tried to exploit that input but it doesn't work. Any hints?

Have you identified the type of vulnerability?

I think it’s an SSRF vulnerability.

Solved it. First, focus on analyzing the code, explain to yourself each line.

I'm still stuck. Any hint?

Yeah, seems like SSRF; the safeurl version used here is the patched one… can you give a nudge?

Check DM.

Sent you a DM.

Yes, it is.

Try a URL shortener.


Why is it that when the same URL is shortened, one cannot be accessed when using TinyURL, but can be accessed when using URL Shortener? Does it make any difference?

Unfortunately, it seems some bypasses are working. It seems to be an issue with the ‘safeurl’ library, namely its lack of DNS pinning protection. Let me make it clear here that the intended solution is not to exploit the library itself but some other thing. :slight_smile:
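
For readers on the defending side of the two issues named in this thread (redirects through a shortener and missing DNS pinning), here is an added sketch that is not part of any post above, and is neither the challenge's code nor safeurl's. The names `pin_target`, `safe_fetch`, `resolve` and `send` are hypothetical, and all hostnames and addresses are constructed sample data; a real `send` must open its connection to the pinned IP rather than resolving the hostname again.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def pin_target(url, resolve):
    """Validate one hop and return (hostname, ip) to connect to."""
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host:
        raise ValueError(f"blocked scheme or empty host: {url!r}")
    try:
        ips = [str(ipaddress.ip_address(host))]  # literal IP in the URL
    except ValueError:
        ips = list(resolve(host))                # resolve exactly once per hop
    # Reject the hop if any answer is loopback, private, link-local, etc.
    if not ips or not all(ipaddress.ip_address(i).is_global for i in ips):
        raise ValueError(f"blocked destination {host} -> {ips}")
    return host, ips[0]

def safe_fetch(url, resolve, send, max_hops=5):
    """Follow redirects by hand, re-validating and pinning every hop."""
    for _ in range(max_hops):
        host, ip = pin_target(url, resolve)
        status, location, body = send(ip, host, url)  # connect to ip, Host: host
        if status in REDIRECTS and location:
            url = urljoin(url, location)
            continue
        return body
    raise ValueError("too many redirects")

def demo():
    """Constructed stubs: a shortener that redirects to loopback, and a
    hostname whose DNS answer flips to loopback after the first lookup."""
    dns_calls, connected = [], []
    def resolve(host):
        dns_calls.append(host)
        if host == "rebind.example":
            return ["93.184.216.34"] if dns_calls.count(host) == 1 else ["127.0.0.1"]
        return {"short.example": ["93.184.216.34"]}.get(host, [])
    def send(ip, host, url):
        connected.append(ip)
        if host == "short.example":
            return 302, "http://127.0.0.1/", ""
        return 200, None, "ok"
    try:
        safe_fetch("http://short.example/abc", resolve, send)
        redirect_blocked = False
    except ValueError:
        redirect_blocked = True
    body = safe_fetch("http://rebind.example/", resolve, send)
    return redirect_blocked, body, connected, dns_calls
```

The redirect to loopback is rejected at the second hop, and the rebinding hostname is looked up only once, so the request goes to the address that was validated.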

Well, I finally beat it. Afterwards I’ve looked through other ways people beat it and realized I made things hard on myself, I did a lot more of it by hand than I needed to.

FYI to anyone, the port you need to read from is the port seen in the code, not the port you use to access the website. I was hung up on this - and what should have worked didn’t because of this, which is why I ended up doing a lot more by hand and making it harder on myself than necessary lol.

If anyone needs help lmk

I’m stuck with this challenge, need a hint. I have tried online URL redirect tools and also did some local debugging; it seems that I just can’t get through the safeurl execute function. :disappointed_relieved:

Check DM

Hi! I’m stuck on this challenge, unfortunately the previous hints didn’t work for me, can you please help me?

Anyone have a URL shortener that actually works? So far every URL shortener I find returns a “Deceptive link ahead” error and prevents the page from being rendered. Do I have to do the redirection manually myself to make this work?