urlcheck v1 (Web, 98 points)
Solved by Ozetta.
Objective: SSRF http://127.0.0.1/admin-status
The input needs to fulfil the pattern '\A(\d+)\.(\d+)\.(\d+)\.(\d+)\Z' and the first octet cannot be 0 or 127, and some other patterns for internal IP addresses. For some reason, int("0177") is still 177 instead of 127 in Python, so we can use http://0177.0.0.1/admin-status
urlcheck v2 (Web, 128 points)
Solved by Ozetta.
Objective: SSRF http://localhost/admin-status