$ cat writeup.md…
$ cat writeup.md…
hackadvisor
Task: PushRelay webhook platform validates URLs against SSRF blocklist using WHATWG URL parser, but misses IPv6-mapped IPv4 addresses. Solution: Bypass blocklist with http://[::ffff:127.0.0.1]:3001/ to reach internal config service and retrieve the flag.
Permission denied (requires tier.pro)
Sign in with GitHub, Discord, or Google to continue. No email required.
$sign in$ grep --similar