n00bcreated a super secure website for sharing images.
Do you think you can hack it?
When looking at the index, we quickly noticed the uploader and input
Enter image URL.
Usually I think so I should get some XSS, send the link to the admin and get some cookie.
I got an alert on the client side with a
.svg file, but I did not get any results.
I sent my host
fireshellsecurity.team who was listening on port
1337, but I received the following message.
Apparently and could only send files that were on the link
So I decided to try something better, I sent the
http://[email protected]:1337 payload, I saw my host where I was listening on port
1337, and there was the flag.
I think the resolution involves some other bypass, maybe with htaccess, some time later, the bypass was not working anymore.