Official Phonebook Discussion

Can someone please give me a hint?

Hello there! Still stuck on this one! Is it possible to provide any hint in DM? Got the s**** page, but stuck with 4** response…

Of course, many thanks in advance!

I feel like I’m overthinking this. Got past login, thinking a similar method would apply to getting secret data or the flag, as well as tried some other stuff like cdinj****ion with no love. Anyone willing to DM me a nudge in the right direction? I know what was vuln for the login, looks like it should apply again to the search page, but IDK.

@initinfosec said:
I feel like I’m overthinking this. Got past login, thinking a similar method would apply to getting secret data or the flag, as well as tried some other stuff like cdinj****ion with no love. Anyone willing to DM me a nudge in the right direction? I know what was vuln for the login, looks like it should apply again to the search page, but IDK.

Same here, bypassed the login page but now I’m struggling with the 4** error… I don’t understand how I could apply the same logic to this page…

If anyone needs a hint feel free to DM me

Solved! Fun challenge :slight_smile:
Every hint you need is already in this thread. But you can DM.

It’s really easy once you know what technique to use. I had never heard of it before so never would have got there without a nudge from alyslon. Now that I know what it is I can see how the message on the main page is a hint.

@Hilbert said:

It’s really easy once you know what technique to use. I had never heard of it before so never would have got there without a nudge from alyslon. Now that I know what it is I can see how the message on the main page is a hint.

Can you help me out pls? I don’t seem to get it.

I found another page and am stuck there. I don’t know how to bypass the login page. Can someone give me a hint please?

Nice challenge, learned new things. Feel free to DM for hints.

I also found the other page but am stuck even after reading this thread over and over. Please hint me up :slight_smile: Thanks.

Can anyone help me out? PM?

One entire day thinking and trying to figure out how to get the flag and I still haven’t got it…
I’ve bypassed the login page, found the s***** page, created a Python script, but always get Access Denied. I still don’t have the phone book list or anything.
I’m pretty lost here, please give me a light!

I finally made it (with a few hints and DMs).

@Icyb3r said:
Hint:
First page has everything you need.

and

@vajkdry said:
Think more about how you bypassed the first step.

You really need to focus on the first page and try stuff, don’t waste time on other things.

Really nice challenge, I learned a lot!

(Also if you need some help, feel free to DM)

I’m still stuck at the search page. Tried every possible way from the hints. Can anyone please give a hint on what to approach?

Hi, I’m very new to this and I try to learn as much as I can. So I’m still stuck at the login page. I managed to find the X** but I don’t know how to proceed after. Any hint in DM would be highly appreciated.

As stated in the comments, everything that is needed to solve this challenge is on the first page. And so I did, successfully.

However, may I ask if someone was able to successfully exploit the s****** API as well? If so, I would be interested in a DM to briefly discuss this. Thanks

I am stuck. DM please with hint…=(((

I found the X** but nothing else. Please help.

Great challenge, learned something new.
Tip: Don’t overthink it.
PM if you need help.