Server-Side Request Forgery Q6 & Q7

Question

Hi,I am looking for some help with the question "Exploit the SSRF vulnerability and read the configuration file of the previously identified service account, running on port 3000. What version number is the bot running?"I have found the bot name and tried the URL 10.102.160.173/lookup?url=http://localhost:3000/svc-debug/configHowever, it doesn't matter which way I try the URL; I can't seem to get it to work. Any Suggestions.I would think that the help for this would also assist with Q7.&nbsp;

djp2891 · Answer

Never mind. Got there in the end! I was looking for the results in the wrong place ;-)

Forum Discussion

Server-Side Request Forgery Q6 & Q7

1 Reply

Featured Places

Help

Related Content

Server-Side Request Forgery

Server-Side Request Forgery Web App Hacking

Help with Cross Site Request Forgery (Twooter)

Stuck on “Server-Side Template Injection: Ep.2 – Identifying SSTI Vulnerabilities”

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

Recent Discussions

Return to Haunted Hollow: PCAP Pandemonium

Kusto Query Language: Ep.7 – String Processing Q10

insufficient permissions for the lab "IAM and EC2: Instance Profiles"

SuperSonic: Ep.7 – LIFTON

Linux CLI: Ep.17 – Demonstrate Your Skills