Server-Side Request Forgery Web App Hacking

Question

I've been banging my head against this for a few hours now and worked my way all the way through to step 7.&nbsp; I am not able to retrieve /tmp/token.txt.&nbsp; I've tried modifying the "url" param key and found it throws a 500 for anything I've tried other than "url". I've tried modifying the "url" value to use directory traversal and "///tmp/token.txt", "/tmp/token.txt".&nbsp; Still no luck.&nbsp; I've also tried using the original url paths and the bypass I used to view the config file for the bot and I get 404's back.&nbsp; I think the lab could have an issue? I have screenshots but didn't want to share them unless asked to not reveal any answers. Any help is appreciated.

atakanbal · Accepted Answer

Hi pcarra1,Yes, it’s about modifying the URL value, but not through directory traversal or bypassing filters. There’s another method you can use that involves a different URI scheme other than "http". The briefing section includes an example of this.

Forum Discussion

Server-Side Request Forgery Web App Hacking

2 Replies

Featured Places

Community Forum

Related Content

Server-Side Request Forgery

Stuck on “Server-Side Template Injection: Ep.2 – Identifying SSTI Vulnerabilities”

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

SSRF Challenge

Pen Test CTFs: Jinja2 Exploitation

Recent Discussions

Trick or Treat on Specter Street: Ghost of the SOC

Trick or Treat on Specter Street: Ghost of the SOC

Weekly Welcome

Practical Malware Analysis: Demonstrate Your Skills Malware (Offensive)

Burp Suite Basics: Intruder - Stuck on missing password.txt