Hint for HELP

It seems I bypassed the file extensions upload for my php session, but I have no idea where it's uploaded to. Looking through the GitHub I don't see anything.

Took me a while to know I had to time travel, I feel discriminated.

@vanquish said:
It seems I bypassed the file extensions upload for my php session, but I have no idea where it's uploaded to. Looking through the GitHub I don't see anything.

Look harder. It tells you where to look if you’re reading the code.

Edit: Found it. Nice box with little frustration on error msg. Interested to know the other way to get the user.

@GrafEisen said:
Took me a while to know I had to time travel, I feel discriminated.

Exactly… not unless you live in a UTC time zone XD

IIRC the time() command in PHP and time.time() in Python return UTC.

@jkr said:
IIRC the time() command in PHP and time.time() in Python return UTC.

You still have to time travel a little bit, or adjust the exploit, which is what I did :wink:

But it does not have to do with timezones but with poorly synced clocks?

@jkr said:
IIRC the time() command in PHP and time.time() in Python return UTC.

Weird, if I check the source that worked and time.time() I do get the same value, but time.time() is still not working. I guess it only wanted me to work more.

need root help…

If anyone could help me with the Node.js part and how to use it, that would be great. Never used this method and I am a bit lost here.

rooted… nice box…

Spoiler Removed

The travel in time confused me a bit, how to get back the right value?

@Seth70 Look at the server header response with a proxy

@lemarkus said:
If anyone could help me with the Node.js part and how to use it, that would be great. Never used this method and I am a bit lost here.

I did it this way too. It’s pretty interesting to get the things.

@MrR3boot So simple fuzzing for the parameter name and value is not enough? Is the ETag important?

@dev0id You have to form a proper request body with the correct params (you get them on errors, by the way) in the required format. Make sure you found the correct endpoint, like chart. Can’t say more without spoiling.

@dev0id said:
@MrR3boot So simple fuzzing for the parameter name and value is not enough? Is the ETag important?

This might help:
a collection of points whose coordinates satisfy a given relation.

@cymtrick Nice box dude. Good learning BTW

@lantog said:
@Seth70 Look at the server header response with a proxy

Oh noo… XD a bit overthought by me, thx…