API 13
This exercise covers a complex filter bypass in an API.
In this challenge, your task is to find a way to register an account that the application will interpret as an administrator account. The code checks for an email address ending in @libcurl.so to decide whether you are an administrator, but it also prevents you from registering with a libcurl.so email address. To bypass this restriction, you will need to use a Unicode-based approach.
The video demonstrates how to exploit this vulnerability by substituting characters in the email address with their Unicode equivalents. For example, replacing the 'i' in libcurl.so with a dotless 'i' (ı) can trick the application into validating the email as an administrative one. This allows you to bypass the email validation check and gain elevated privileges inside the application.
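The root cause is two checks that normalise the same string differently. The following is an added example, not the exercise's own code: it assumes (the page does not state the application's internals) that the registration blocklist lowercases the address while the admin check uppercases it, so the dotless ı (U+0131) survives one check and becomes an ASCII "I" in the other. The hardened version computes a single canonical form (NFKC + casefold) once, feeds it to both checks, and requires an ASCII domain.

```python
import unicodedata

ADMIN_DOMAIN = "@libcurl.so"

def vulnerable_is_registration_allowed(email: str) -> bool:
    # Blocklist check lowercases the raw input. U+0131 (dotless i) is left
    # unchanged by lower(), so "alice@lıbcurl.so" slips past this check.
    return not email.lower().endswith(ADMIN_DOMAIN)

def vulnerable_is_admin(email: str) -> bool:
    # Privilege check uppercases instead (assumed mismatch). U+0131 uppercases
    # to ASCII "I", so the same address now matches the admin domain.
    return email.upper().endswith(ADMIN_DOMAIN.upper())

def canonical_email(email: str) -> str:
    # Hardened: compute one canonical form (NFKC + casefold) exactly once and
    # feed that same value to every check; also require a plain-ASCII domain,
    # which rejects look-alike characters that no normalisation maps to ASCII.
    normalized = unicodedata.normalize("NFKC", email).casefold()
    local, sep, domain = normalized.rpartition("@")
    if not sep or not local or not domain.isascii():
        raise ValueError("malformed address or non-ASCII domain")
    return normalized

def hardened_is_registration_allowed(email: str) -> bool:
    try:
        return not canonical_email(email).endswith(ADMIN_DOMAIN)
    except ValueError:
        return False  # fail closed: unparseable or non-ASCII domain

def hardened_is_admin(email: str) -> bool:
    try:
        return canonical_email(email).endswith(ADMIN_DOMAIN)
    except ValueError:
        return False

def has_privilege_gap(allowed, is_admin, email: str) -> bool:
    # True when an address the blocklist lets through is later treated as
    # admin: the exact inconsistency this exercise exploits.
    return allowed(email) and is_admin(email)

if __name__ == "__main__":
    crafted = "alice@l\u0131bcurl.so"  # constructed: dotless i instead of i
    print("vulnerable gap:", has_privilege_gap(vulnerable_is_registration_allowed, vulnerable_is_admin, crafted))
    print("hardened gap:  ", has_privilege_gap(hardened_is_registration_allowed, hardened_is_admin, crafted))
```

The same canonicalise-once pattern also catches compatibility characters such as the fullwidth ｉ (U+FF49), which NFKC maps to a plain "i" before the blocklist runs.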