This will be solution for Level 13 Practical Web Hacking CTF #2.
This level we are told that we have to find a way to redirect our selfs to other domain, this means that we need to exploit a Unvalidated Redirect or Forward.
The the information we need is given to us after the last level as seen in the picture.
We can try to excute a direct redirect with the same parameter and the url that we what.
This shows us that we have some protection in place, and we are left with the flowing options.
- Find out if the protection is case senstive.
- Find if the protocol is actualy mandatory.
And by the picture below we can see that the last option is actualy the correct one might seem remote by their are some markup formats that use this sintax to represent external domains :)
So we are done, most of the levels have a direct mapping with owasp top 10, and most of them a representation of some of the weak links in web development.