Home

Day 19 - The Naughty or Nice List

Date: 19, December, 2020

Author: Dhilip Sanjay S

Server Side Request Forgery

  • SSRF

Solutions

What is Santa's password?

  • Answer: Be good for goodness sake!

  • Steps to Reproduce: Visit http://MACHINE_IP/?proxy=http%3A%2F%2Flist.hohoho.localtest.me

What is the challenge flag?

  • Answer: THM{EVERYONE_GETS_PRESENTS}

  • Steps to Reproduce: Login into admin panel using the following credentials:

    • Username: Santa

    • Password: Be good for goodness sake!

PreviousDay 18 - The Bits of ChristmasNextDay 20 - PowershELlF to the rescue

Last updated