So I'm doing a CTF problem currently and I do know what the potential vuln is (unfiltered SSRF via puppeteer on the server), but because I'm a bit of a noob I'm unsure as to how exactly I'm able to exploit it further in order to achieve access within the localhost-eyes-only directories of the server.
I'm able to execute JavaScript and have tried making a fake website that would just execute JavaScript on the remote machine that ran a fetch call on "localhost", with the results being sent back via GET parameters to the attacking server. However, I eventually quickly realized it was futile as CORS was enabled, thus leaving me in a familiar yet head-scratching position.
What exactly do I do from here? I'm not exactly looking for exact answers or solutions obviously, but is there any way I could be able to perform SSRF whilst having JavaScript access? Or should I look for another vulnerability, as this could just be a dead end I tried so desperately to view as a door?
from hacking: security in practice https://ift.tt/33DqEcL