API 10
This exercise covers a common filter bypass in API.
In this challenge, the objective is to register an account that the application will interpret as an administrator account. The application checks for an email domain of @libcurl.so to identify administrators but blocks direct registration with such an email. To bypass this, you need to find a way to create an email that the application will accept during registration and later recognize as an administrative email.
During the registration process, the application has a filter that prevents emails ending with @libcurl.so. However, the application also checks for administrative privileges using a slightly different method. By manipulating the email address to include another domain and an extra "@" symbol, you can trick the application into treating it as an administrative email after registration. This involves a common mistake where initial filters are not consistently applied throughout the application's logic.