I found XSS points and confirmed that if I give a URL to the admin bot, it will redirect to the webhook normally. However, due to the httponly option issue, the session was not output, and I searched to bypass it, but I couldn't really see a method. Am I missing something here? I would appreciate your answers!!

Is it normal that the blog page doesn't appear originally???

The environment is being set up with the given Docker file, and the following issues occurred during the build process. E: Unable to locate package conf-service E: Unable to locate package libappindicator1 The command '/bin/sh -c apt-get install -y conf-service lib

Since there is a branch statement in the “/” path, web-noob.kr must be included in the “/” path, and I think the “/flag” path must be included in bot.js's url.href to be flagged. What method can I use to add different values for each hostname depending on the path?

(hostname === 'web-noob.kr' && user ['username'] === 'hello') The first condition compares whether user ['username'] is the same as' hello ' (hostname === 'web-noob.kr' && username === 'world') The second condition compares whether the username is the same as “world.”

I'm trying to insert quotas and various methods for the parsed key values. I'm stuck here, but I wonder if I can get any hints or help?

I'm still a beginner, so I don't know many things. I would appreciate it if you could keep this in mind and answer my question. If you enter it in /report, it's in /bot await page.goto (http://127.0.0.1:80/? blog=$ {url.href} ); Is it correct to enter $ {url.href} on this line..? If question 1 is correct, go to /flag in /report

ReferenceError: username is undefined at /app/api/index.js:12:104 at layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js: 95:5) at next (/app/node_modules/expr

The conditional statement part passed, but since the html entity was coded when rendered, I couldn't get out of the let url =” part. I would appreciate your help