Type your comment> @TazWake said:
@H4FN said:
Ok - it wont be long now anyway.
In a nutshell, if you read the code its possible to identify a way to inject stuff which can make a request on your behalf. With some effort this can be used to bypass a control and send data to a system which opens the door to further exploitation.
It is one of the hardest footholds I’ve seen in a long time.
I´m not sure about it but I guess I saw that part into the code after URL validations with the curl to the URL but I could not figured out how to exploit it I need to keep reading and practicing