Skip to content

Recon Stage

The website shows a countdown timer:

Countdown to amazingness

NOTE: You can see exactly when I did this challenge based on the countdown timer. As of this moment the countdown timer is zeroes across the board, but the timer was set for 12/25/21. Apparently nothing amazing ever came. Not from Jack Frost, anyway!

Based on reviewing the code, I have mapped out the following endpoints:

No access necessary

  • / - GET -- main site, shows countdown
  • /testsite - GET -- apparently a test site.
  • /testsite - POST -- Handles the "stay tuned" process.
  • /contact - GET -- Shows a "Contact Us" page, asking for a full name, email, phone number and country.
  • /postcontact - POST -- Handles that values submitted from the /contact endpoint.
  • /login - GET -- A 'Sign in' page.
  • /login - POST -- Performs the actual logging in
  • /redirect - GET -- Bounces you to a login page if you aren't logged in.
  • /forgotpass - GET -- Renders a "I forgot my password" page.
  • /forgotpass - POST -- Handles submissions from the /forgotpass endpoint.
  • /forgotpass/token/:id - GET -- I assume you can get a user's forgotten password here? (find out what a "token" is)
  • /forgotpass/token/:id - POST -- Updates a user's password.
  • /detail/:id - GET -- Allows me to view users that have filled out data on the /contact endpoint
  • /edit/:id - GET -- Frontend to editing a user's data.
  • /edit/:id - POST -- Handling of the updating of user's data
  • /delete/:id - POST -- Deletes a user
  • /search - GET -- Searches through users. Interesting...
  • /search - POST -- Performs the actual searching
  • /export - POST -- I think this dumps the entire uniquecontact database as an XML file
  • /logout - GET -- destroys the session and bounces you to /contact.
  • /dashboard - GET -- Displays the actual Dashboard
  • /adduser - GET -- Frontend to adding a user, but ONLY if your userstatus == 1
  • /adduser - POST -- Handles the adding of a user.
  • /userlist - GET -- Frontend to displaying all users, but ONLY if your userstatus == 1
  • /useredit/:id - GET -- Frontend to modifying a user, but ONLY if your userstatus == 1
  • /useredit/:id - POST -- Handles the actual editing of a user. ALSO escapes XSS, just saying
  • /userdelete/:id - POST -- Handles the deletion of a user.