API 11

This exercise covers a common filter bypass in APIs.

Pro tier | Medium | < 1 Hr. | 145 | API Badge

This challenge involves registering an account that the application will treat as an administrator account. The application decides admin status by checking whether the account's email address belongs to the libcurl.so domain, but it refuses direct registration with a libcurl.so address. To bypass this restriction, you need to find an address that passes the registration filter yet still satisfies the admin check, mimicking the libcurl.so domain without using it verbatim.

The course recommends automating the workflow (creating the account, logging in, and retrieving the user profile) by interacting directly with the API rather than through the web interface. The video further explains that the application likely uses a regular expression to check the email domain and that this expression probably omits a critical character (an escape or an anchor, for example), so an address that merely resembles the admin domain satisfies the check; exploiting that oversight yields admin privileges.
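The following Python example illustrates the class of mistake described above. It is an added example written for this page, not the application's code and not the exercise's intended solution: the two weak patterns, the strict pattern, the registration filter and the candidate addresses are all constructed here as assumptions about how such a check might be written. It shows how an unescaped dot or a missing end anchor lets an address that is not in libcurl.so pass the admin check while still getting past a filter that only rejects the literal domain.

```python
import re

# Constructed, hypothetical checks for this page; not the PentesterLab
# application's code. The admin domain comes from the exercise text.
ADMIN_DOMAIN = "libcurl.so"

# Weak check 1: the dot is not escaped, so '.' matches any single character.
WEAK_UNESCAPED_DOT = re.compile(r"@libcurl.so$")

# Weak check 2: the dot is escaped but there is no end anchor, so anything
# may follow the domain.
WEAK_NO_ANCHOR = re.compile(r"@libcurl\.so")

# Hardened check: escaped dot, anchored at both ends, exactly one '@'.
STRICT = re.compile(r"^[^@\s]+@libcurl\.so$")


def is_admin_weak_dot(email: str) -> bool:
    return WEAK_UNESCAPED_DOT.search(email) is not None


def is_admin_weak_anchor(email: str) -> bool:
    return WEAK_NO_ANCHOR.search(email) is not None


def is_admin_strict(email: str) -> bool:
    return STRICT.match(email) is not None


def registration_blocked(email: str) -> bool:
    """Assumed registration filter: rejects only the literal admin domain."""
    return email.lower().endswith("@" + ADMIN_DOMAIN)


def find_bypasses(candidates, admin_check):
    """Return the candidates that the registration filter lets through
    but that admin_check nevertheless classifies as administrators."""
    return [e for e in candidates
            if not registration_blocked(e) and admin_check(e)]


# Constructed candidate addresses, one per regex mistake being probed.
CANDIDATES = [
    "alice@libcurl.so",           # the real domain: rejected at registration
    "alice@libcurlXso",           # 'X' stands in for an unescaped '.'
    "alice@libcurl.so.evil.com",  # extra suffix defeats a missing end anchor
    "alice@example.com",          # ordinary user, should never be admin
]

if __name__ == "__main__":
    for name, check in [("unescaped dot", is_admin_weak_dot),
                        ("no end anchor", is_admin_weak_anchor),
                        ("strict", is_admin_strict)]:
        print(f"{name:14s} bypassed by: {find_bypasses(CANDIDATES, check)}")
```

When testing a real target, generate the candidate list from the domain rather than by hand: substitute each dot with another character, append a suffix, and prepend a subdomain, then register each variant through the API and read back the profile to see which one the server treats as an administrator. Note that if the registration filter uses a substring match instead of an exact suffix match, the suffix variant is blocked too and only the substituted-dot variant remains.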
