Forum Discussion

Bronze I

2 months ago

Server-Side Request Forgery

I need help with step 5 and 6 of Server-Side Request Forgery lab. I was able to find the location of potential SSRF i.e "lookup?url=http://localhost:3000/online" after that I have tried directory tra...

application security

offensive cyber

Akshay

Bronze I

I have already attempted to capitalize each character individually on the endpoints '/lookup?url=http://localhost:3000' and '/lookup?url=http://localhost:3000/online'. Am I using the correct endpoints?

NyePrior

Immerser

2 months ago

If you take a look at the 'In this lab' section of the briefing panel, it'll give you the URL you need to access:

To test the application, they've added a remote debug service to the server, the configuration of which can be found in the root directory (http://localhost:3000/[bot-name]/config)

So, you'll need to identify the bot's name before you'll have the specific URL to try and access. You can find that information on the homepage of the application 🙂

Forum Discussion

Server-Side Request Forgery

Related Content

Re: I Have Registered For Cyber Million But No Longer Wish To Keep My Account. How Can I Delete It?

Re: Delete Cyber Million Account

Re: Question about my Cyber Million job application

Re: How Can I Contact The Prospective Employer If I Have A Question?

Re: IoT & Embedded Devices: Certificate Underpinning

Recent Discussions

SuperSonic: Ep.6 – TEMPLE

Events & Breaches: Magecart Skimmer

Zeek - Demonstrate Your Skills

CVE-2022-29799/CVE-2022-29800 (Nimbuspwn) – Defensive

Foundational Static Analysis: Analyzing Structures