Forum Discussion

pcarra1's avatar
pcarra1
Icon for Bronze I rankBronze I
2 months ago
Solved

Server-Side Request Forgery Web App Hacking

I've been banging my head against this for a few hours now and worked my way all the way through to step 7.  I am not able to retrieve /tmp/token.txt.  I've tried modifying the "url" param key and fo...
  • AtakanBal's avatar
    2 months ago

    Hi pcarra1,

    Yes, it’s about modifying the URL value, but not through directory traversal or bypassing filters. There’s another method you can use that involves a different URI scheme other than "http". The briefing section includes an example of this.