Day 19 - The Naughty or Nice List
Date: 19 December 2020
Author: Dhilip Sanjay S
Server-Side Request Forgery (SSRF)
Solutions
What is Santa's password?
Answer: Be good for goodness sake!
Steps to Reproduce: Visit
http://MACHINE_IP/?proxy=http%3A%2F%2Flist.hohoho.localtest.me
What is the challenge flag?
Answer: THM{EVERYONE_GETS_PRESENTS}
Steps to Reproduce: Log in to the admin panel using the following credentials:
Username: Santa
Password: Be good for goodness sake!