Forum Discussion
pcarra1
Bronze I
2 months agoServer-Side Request Forgery Web App Hacking
I've been banging my head against this for a few hours now and worked my way all the way through to step 7. I am not able to retrieve /tmp/token.txt. I've tried modifying the "url" param key and fo...
AtakanBal
Bronze III
2 months agoHi pcarra1,
Yes, it’s about modifying the URL value, but not through directory traversal or bypassing filters. There’s another method you can use that involves a different URI scheme other than "http". The briefing section includes an example of this.
- pcarra12 months ago
Bronze I
I figured it out..... for the life of me I swear I tried that before posting. Persistence is key thanks for the reply!