Web - Server

Sunday 19 January 2020, 12:17  #1
Web - Server - HTTP Open Redirect
  • 5 posts

Hi all!

I have a little question about this challenge...

I understood what the "h" was, a way to make my own, found a way to make the redirection, and finally found the flag... So I validated this challenge, but for the first time here, I don’t understand what I did, why and how it worked, nor the interest to do so... 😄

I understand I missed some important point here and I would be grateful if someone can explain this missing part: I read documentation and watched videos, so I understood the main interest is for phishing campaigns to get more credibility, but the "h" part of this challenge just puzzled me...

Thanks in advance!

Tuesday 30 June 2020, 16:13  #2
Web - Server - HTTP Open Redirect
  • 1 posts

You might be just focusing on redirection payloads but missing the part of decryption. Always go for the closed options first (decryption code) so that you can get some information inside it.