Forum Discussion

Bronze I

2 months ago

Solved

Server-Side Request Forgery Web App Hacking

I've been banging my head against this for a few hours now and worked my way all the way through to step 7. I am not able to retrieve /tmp/token.txt. I've tried modifying the "url" param key and fo...

challenges

AtakanBal
2 months ago
Hi pcarra1,

Yes, it’s about modifying the URL value, but not through directory traversal or bypassing filters. There’s another method you can use that involves a different URI scheme other than "http". The briefing section includes an example of this.

AtakanBal

Bronze III

2 months ago

Hi pcarra1,

Yes, it’s about modifying the URL value, but not through directory traversal or bypassing filters. There’s another method you can use that involves a different URI scheme other than "http". The briefing section includes an example of this.

pcarra1

Bronze I

2 months ago

I figured it out..... for the life of me I swear I tried that before posting. Persistence is key thanks for the reply!

Forum Discussion

Server-Side Request Forgery Web App Hacking

Featured Places

Help & Support Forum

Related Content

Server-Side Request Forgery

Help with Cross Site Request Forgery (Twooter)

Server-Side Request Forgery Q6 & Q7

Stuck on “Server-Side Template Injection: Ep.2 – Identifying SSTI Vulnerabilities”

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

Recent Discussions

Trick or Treat on Specter Street: Phantom Pages

FIN7 Threat Hunting with Splunk: Ep.2 – Initial Access

Trick or Treat on Specter Street: Widow's Web

Trick or Treat on Specter Street: Manor of Madness

Trick or Treat: Manor of Madness