API 12

This exercise covers a common filter bypass in an API.

Tier: PRO | Difficulty: Medium | Time: < 1 Hr. | Badge: API Badge
In this challenge, your objective is to register an account that the application will interpret as an administrator account. The application checks for an email address in the domain @libcurl.so to verify if you are an administrator, but it also prevents registration with a libcurl.so email address. You will need to find a way to bypass this restriction.

One common approach to bypassing such validation is to exploit flaws in the regular expression used for email validation. For instance, if the developers forgot to escape a dot (.) in the pattern, the regex engine interprets it as "any single character" rather than a literal dot. By carefully crafting an email address that looks like libcurl.so but does not exactly match it, you can trick the application into granting you administrative privileges. This challenge emphasizes the importance of understanding how regular expressions work and how they can be exploited when not properly implemented.
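The root cause described above is that the registration block and the privilege check use different matching logic, and one of them is an unescaped regex. The following is an added example, not code from PentesterLab or the exercise's target application: it models that flawed pair of checks beside a hardened version that canonicalizes the domain once and compares it exactly. The function names and the sample addresses are assumptions constructed for this demonstration; only the libcurl.so domain and the "admin domain cannot self-register" rule come from the exercise text.

```python
import re
from typing import Optional

ADMIN_DOMAIN = "libcurl.so"  # from the exercise text

# --- Flawed: the two decisions are made with different matching logic --------

def registration_blocked_flawed(email: str) -> bool:
    # The registration block compares the domain as a literal string ...
    return email.lower().endswith("@" + ADMIN_DOMAIN)

# ... while the privilege check uses a regex whose '.' was never escaped, so
# it matches "libcurl" + ANY single character + "so", not only "libcurl.so".
_ADMIN_RE_FLAWED = re.compile(r"@libcurl.so$", re.IGNORECASE)

def is_admin_flawed(email: str) -> bool:
    return _ADMIN_RE_FLAWED.search(email) is not None

# --- Hardened: canonicalize once, compare exactly, derive both decisions -----

def _domain(email: str) -> Optional[str]:
    """Return the lowercased domain part, or None if the address is malformed."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower()

def _is_admin_domain(email: str) -> bool:
    # Exact string comparison; if a regex were kept, it would have to be built
    # from re.escape(ADMIN_DOMAIN) and anchored with a trailing '$'.
    return _domain(email) == ADMIN_DOMAIN

def registration_blocked_fixed(email: str) -> bool:
    return _is_admin_domain(email)

def is_admin_fixed(email: str) -> bool:
    return _is_admin_domain(email)

def inconsistent(email: str, blocked, admin) -> bool:
    """True when an address can be registered yet would be treated as admin."""
    return (not blocked(email)) and admin(email)

if __name__ == "__main__":
    # Constructed sample addresses: a genuine admin-domain address, an address
    # whose domain differs from libcurl.so only at the dot, and an unrelated one.
    for addr in ["alice@libcurl.so", "bob@libcurlXso", "carol@example.com"]:
        print(addr,
              "flawed gap:", inconsistent(addr, registration_blocked_flawed, is_admin_flawed),
              "fixed gap:", inconsistent(addr, registration_blocked_fixed, is_admin_fixed))
```

The `inconsistent` helper is the check worth keeping in a test suite: any address for which it returns True is an account the application would let you create and then treat as an administrator.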
