We also found the intended way, how to get the admin entries. You only must copy a list entry and set the ID to some low values.

I love how this challenge was basically broken like 3 times over. Just shows how hard security is. XD

Awesome format, subbed.

Loving the CTFs, provides us with real world examples of exploits. However, I'm still having trouble learning to apply the knowledge and theory I've learned. I know all about various protocols, common problems with them, knowledge on various exploits, etc. I'm just having trouble looking at places to apply the thing's I've learned. Is there any help you could give me?

Wonderful Bro keep up good work (y)

Haha 7:44 :D another great video :)

This guy is awesome X)

Exploiting unintended bugs for the win!

Good stuff.

Whys would someone dislike this

I'm starting learning web security from today, but i see Twitter post then get demotivated. am i too late?

You could also trick parse_url w/ an url like "some:thing@127.0.0.1:80@33c3ctf.ccc.ac/reeeaally/reallyy/c00l/and_aw3sme_flag" in case you don't want the work of messing w/ dns XD

Would it also work if you use 127.0.1.1 instead of 127.0.0.1? because the code checks only for 127.0.0.1/24 but the IPv4 loopback addresss is 127.0.0.1/8, isn't it?

Was it possible to just bypass the 127.0.0.1/8 check by typing the IP differently? E.g., in binary or integer format or in IPv6?

im at a loss, proxy for what?

sponsored by hover

Please disable automatic video title translation. Technical stuff lose their meaning when translated :)

Hey, ich wollte mal fragen ob du bereit wärst eine fasm/masm tutorial reihe zu starten? @LiveOverflow

I would like to participate in more CTFs . Is there a place where I can do this? List0r seems like there are more official teams and events that get announced. I am looking for something more constant and less official. I just work a lot and don't want my work to disrupt my team .