Server-Side Request Forgery Q6 & Q7

Question

Hi,I am looking for some help with the question "Exploit the SSRF vulnerability and read the configuration file of the previously identified service account, running on port 3000. What version number is the bot running?"I have found the bot name and tried the URL 10.102.160.173/lookup?url=http://localhost:3000/svc-debug/configHowever, it doesn't matter which way I try the URL; I can't seem to get it to work. Any Suggestions.I would think that the help for this would also assist with Q7.&nbsp;

anonymous · Answer

Never mind. Got there in the end! I was looking for the results in the wrong place ;-)

Forum Discussion

Server-Side Request Forgery Q6 & Q7

1 Reply

Featured Places

Help

Related Content

Server-Side Request Forgery

Server-Side Request Forgery Web App Hacking

Help with Cross Site Request Forgery (Twooter)

Stuck on “Server-Side Template Injection: Ep.2 – Identifying SSTI Vulnerabilities”

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

Recent Discussions

CSP Hash Incorrect Despite Correct Script and Hash (CSP Lab Issue?)

Defensive fundamental question three

Modern Encryption: Demonstrate Your Skills

Microsoft Defender for Cloud

Creating Quantum Circuits: Ep.2 – Deutsch-Jozsa Algorithm