๋ณธ๋ฌธ ๋ฐ”๋กœ๊ฐ€๊ธฐ
๋ฐ˜์‘ํ˜•

web-ssrf1

[Dreamhack] Level2: web-ssrf ๐Ÿ›Ž๏ธAccess flask๋กœ ์ž‘์„ฑ๋œ image viewer ์„œ๋น„์Šค์ด๋‹ค. SSRF ์ทจ์•ฝ์ ์„ ์ด์šฉํ•ด ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“. ํ”Œ๋ž˜๊ทธ๋Š” /app/flag.txt์— ์žˆ๋‹ค. ๐Ÿ‘พExploit Algorithm & Payload ๋”๋ณด๊ธฐ #!/usr/bin/python3 from flask import ( Flask, request, render_template ) import http.server import threading import requests import os, random, base64 from urllib.parse import urlparse app = Flask(__name__) app.secret_key = os.urandom(32) try: FLAG = open("./flag.txt", "r").rea.. 2023. 9. 9.
๋ฐ˜์‘ํ˜•

ํ‹ฐ์Šคํ† ๋ฆฌํˆด๋ฐ”