Forum Discussion
Bronze IIServer-Side Request Forgery
If you take a look at the 'In this lab' section of the briefing panel, it'll give you the URL you need to access:
To test the application, they've added a remote debug service to the server, the configuration of which can be found in the root directory (http://localhost:3000/[bot-name]/config)
So, you'll need to identify the bot's name before you'll have the specific URL to try and access. You can find that information on the homepage of the application 🙂
ImmerserHey Akshay - there is a very rudimentary text-based filter in place on the application, and as a small hint, I'll let you know that this filter is case-sensitive. Let me know if that helps at all 🙂
AkshayI have already attempted to capitalize each character individually on the endpoints '/lookup?url=http://localhost:3000' and '/lookup?url=http://localhost:3000/online'. Am I using the correct endpoints?
- NyePrior
If you take a look at the 'In this lab' section of the briefing panel, it'll give you the URL you need to access:
To test the application, they've added a remote debug service to the server, the configuration of which can be found in the root directory (http://localhost:3000/[bot-name]/config)
So, you'll need to identify the bot's name before you'll have the specific URL to try and access. You can find that information on the homepage of the application 🙂
