Akshay
4 months ago

Server-Side Request Forgery

I need help with steps 5 and 6 of the Server-Side Request Forgery lab. I was able to find the location of the potential SSRF, i.e. "lookup?url=http://localhost:3000/online". After that I have tried directory tra...
  • NyePrior
    3 months ago

    If you take a look at the 'In this lab' section of the briefing panel, it'll give you the URL you need to access:

    To test the application, they've added a remote debug service to the server, the configuration of which can be found in the root directory (http://localhost:3000/[bot-name]/config) 

    So, you'll need to identify the bot's name before you'll have the specific URL to try and access. You can find that information on the homepage of the application 🙂