Ecorp

Challenge Description

Add the website to the Burp Suite target scope.

Browse through the web application and click on all the Recent Posts.

After doing this, go back to the Burp site map to view all the requests that were made.

Send this request to Repeater.

The "file:///" URL scheme typically refers to a local file path, so this can potentially be vulnerable to Server-Side Request Forgery (SSRF) attacks: the app processes user-supplied input that is used to fetch data, so by manipulating that input we can make unauthorized requests to internal resources or services.

{"post":"http://admin-panel.local"}
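A server-side check on the "post" field that would reject both a "file:///" value and the http://admin-panel.local request shown above. This is an added example, not code from the challenge; the allow-listed host blog.example.test, the function names and the sample addresses are assumptions.

```python
import ipaddress
import json
import socket
from urllib.parse import urlsplit

# Assumption: the only hosts the post-fetching feature legitimately needs to reach.
ALLOWED_HOSTS = {"blog.example.test"}


def resolve(host):
    """Default resolver: every address the host name currently maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def check_post_url(body, resolver=resolve):
    """Return (ok, reason) for the URL in the JSON body's "post" field."""
    try:
        url = json.loads(body)["post"]
        if not isinstance(url, str):
            return False, "malformed body"
        parts = urlsplit(url)
    except (ValueError, KeyError, TypeError):
        return False, "malformed body"
    # 1. Scheme allow-list: rejects file://, gopher://, ftp:// and the rest.
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    # 2. Host allow-list: internal names such as admin-panel.local never match.
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not on allow-list"
    # 3. An allowed name must not resolve to loopback, private or link-local space.
    try:
        addrs = resolver(host)
    except OSError:
        return False, "resolution failed"
    if not addrs or not all(ipaddress.ip_address(a).is_global for a in addrs):
        return False, "resolves to non-public address"
    return True, "ok"


if __name__ == "__main__":
    # Constructed inputs; the resolver is stubbed so the demo runs offline.
    public = lambda host: {"93.184.216.34"}
    for body in ('{"post":"file:///srv/posts/1.txt"}',
                 '{"post":"http://admin-panel.local"}',
                 '{"post":"https://blog.example.test/p/1"}'):
        print(body, "->", check_post_url(body, public))
```

The code that performs the fetch should connect to the address that was validated and should not follow redirects, otherwise the target can change after the check has passed.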

Flag

uctf{4z174_1n_urm14}
