Server-Side Request Forgery Web App Hacking

Question

I've been banging my head against this for a few hours now and worked my way all the way through to step 7.&nbsp; I am not able to retrieve /tmp/token.txt.&nbsp; I've tried modifying the "url" param key and found it throws a 500 for anything I've tried other than "url". I've tried modifying the "url" value to use directory traversal and "///tmp/token.txt", "/tmp/token.txt".&nbsp; Still no luck.&nbsp; I've also tried using the original url paths and the bypass I used to view the config file for the bot and I get 404's back.&nbsp; I think the lab could have an issue? I have screenshots but didn't want to share them unless asked to not reveal any answers. Any help is appreciated.

atakanbal · Accepted Answer

Hi pcarra1,Yes, it’s about modifying the URL value, but not through directory traversal or bypassing filters. There’s another method you can use that involves a different URI scheme other than "http". The briefing section includes an example of this.

Forum Discussion

Server-Side Request Forgery Web App Hacking

2 Replies

Featured Places

Help & Support Forum

Related Content

Server-Side Request Forgery

Help with Cross Site Request Forgery (Twooter)

Server-Side Request Forgery Q6 & Q7

Stuck on “Server-Side Template Injection: Ep.2 – Identifying SSTI Vulnerabilities”

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

Recent Discussions

Trick or Treat on Specter Street: Phantom Pages

FIN7 Threat Hunting with Splunk: Ep.2 – Initial Access

Trick or Treat on Specter Street: Widow's Web

Trick or Treat on Specter Street: Manor of Madness

Trick or Treat: Manor of Madness