Server-Side Request Forgery
I need help with steps 5 and 6 of the Server-Side Request Forgery lab. I was able to find the location of the potential SSRF, i.e. "lookup?url=http://localhost:3000/online". After that, I tried directory traversal and other methods in place of HTTP (FTP). Nothing seems to be working to get the bot name/service account.
If you take a look at the 'In this lab' section of the briefing panel, it'll give you the URL you need to access:
To test the application, they've added a remote debug service to the server, the configuration of which can be found in the root directory (http://localhost:3000/[bot-name]/config)
So, you'll need to identify the bot's name before you'll have the specific URL to try and access. You can find that information on the homepage of the application 🙂