Exploit SSRF for Local File Disclosure
In this challenge, we analyze a web application that fetches resources based on user-supplied input. This behavior often points to a Server-Side Request Forgery (SSRF) vulnerability.
1. Identifying the Vulnerability
We test the application by attempting to access a local system file using the file:// URI scheme. By submitting the payload file:///etc/passwd, we can check if the server will read and return its own internal configuration files.
The application returns the contents of the /etc/passwd file. This confirms that the application is vulnerable to SSRF and that its fetcher accepts the file:// scheme, which allows Local File Disclosure (LFD).
2. Retrieving the Flag
The lab description indicates that the flag is located at /flag.txt. Using the confirmed vulnerability, we modify our payload to target that specific file path:
Payload: file:///flag.txt
The server processes the request and reveals the flag:
utflag{g0t_y0ur_r3s0urc3!}
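On the defensive side, the file:// payloads above only work because the fetcher accepts any URI scheme. The following is an added example, not code from the challenge application: a pre-fetch check that allows only http/https and refuses hosts that resolve to non-public addresses. The names validate_fetch_url and BlockedURL and the example.test hosts are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # file://, gopher://, ftp:// and the rest are refused


class BlockedURL(ValueError):
    """Raised when a user-supplied URL must not be fetched server-side."""


def _resolve(host):
    # Default resolver; callers (and tests) may pass their own to stay offline.
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def validate_fetch_url(url, resolve=_resolve):
    """Return the vetted IP addresses for url, or raise BlockedURL."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:  # urlsplit lowercases the scheme
        raise BlockedURL(f"scheme not allowed: {parts.scheme or '(none)'}")
    host = parts.hostname
    if not host:
        raise BlockedURL("URL has no host")
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal IP in the URL
    except ValueError:
        addrs = resolve(host)  # hostname: check every address it maps to
    if not addrs:
        raise BlockedURL(f"{host} did not resolve")
    for addr in addrs:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
        if not ip.is_global:  # loopback, RFC 1918, link-local, ...
            raise BlockedURL(f"{host} maps to non-public address {ip}")
    return addrs


if __name__ == "__main__":
    # Constructed sample inputs; the stub resolver keeps the demo offline.
    stub = {"cdn.example.test": ["93.184.216.34"]}.__getitem__
    for candidate in ("file:///etc/passwd", "file:///flag.txt",
                      "http://127.0.0.1/", "https://cdn.example.test/a.png"):
        try:
            print("allow", candidate, validate_fetch_url(candidate, stub))
        except BlockedURL as err:
            print("block", candidate, "->", err)
```

The check only helps if the fetcher then connects to one of the returned addresses rather than resolving the name again, and if redirects are either disabled or passed through the same function.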



