Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Question pertaining to HBH

  1. Home
  2. Forum
  3. Questions
  4. Question pertaining to HBH

ghost's Avatar

ghost

0 0

What's the purpose for the redirection to the homepage if a link unknown is submitted into the URL? To be honest, it seems like a burden when you're doing the real challenge.


Arabian's Avatar

Arabian

Member
0 0

I too think this is a terrible feature.


stealth-'s Avatar

stealth-

Ninja Extreme
0 0

Oh, woah. Is this new?


Arabian's Avatar

Arabian

Member
0 0

stealth- wrote: Oh, woah. Is this new?

Been here since the last server update.


ghost's Avatar

ghost

0 0

Yeah, it's pretty annoying. Seems like they could fix it easily though.


stealth-'s Avatar

stealth-

Ninja Extreme
0 0

Z3D4 wrote: Yeah, it's pretty annoying. Seems like they could fix it easily though.

It sounds like it was supposed to be a 'feature'.


ghost's Avatar

ghost

0 0

Bumping this thread, been digging through the new urllib module for python 3.x, and redirects will ONLY happen if the Location header is properly formed.

The redirect from HBH is:

Location: ../../../index.php

According to RFC2616 - sec14:

For 3xx responses, the location SHOULD indicate the server's preferred URI for automatic redirection to the resource. The field value consists of a single absolute URI.

   Location       = "Location" ":" absoluteURI

An example is:

   Location: http://www.w3.org/pub/WWW/People.html

http://www.ietf.org/rfc/rfc2616.txt

I believe that just correcting the Location header will fix this issue, and also be less headaches for people doing the timed challenges

-elmgiuel


elmiguel's Avatar

elmiguel

Member
2,795 1

–Sorry if this becomes a double post, search picks up my other post under elmiguel but doesn't show up in the forum thread. So I am reposting under this account, will edit if needed.–

Bumping this thread, been digging around the new urllib module ofr python 3.x and it seems that redirects will ONLY happen if the Location header is properly formed.

This means that when writing programs/scripts in python, you will not be able to be redirected to the new uri.

the current location header now is set to:

Location: ../../../index.php\r\n

According to RFC2616:

For 3xx responses, the location SHOULD indicate the server's preferred URI for automatic redirection to the resource. The field value consists of a single absolute URI.

   Location       = "Location" ":" absoluteURI

An example is:

   Location: http://www.w3.org/pub/WWW/People.html

http://www.ietf.org/rfc/rfc2616.txt

I believe this redirect issue can be corrected by adjusting the output of the location header to be absolute and not relative.

-elmiguel