Super Secure Requests Forwarder
| ID: | 1877 |
|---|---|
| 标题: | Super Secure Requests Forwarder |
| 描述: | Author : zeyu2001 Category : Web Solution Description Hide your IP address and take back control of your privacy! Visit websites through our super secure proxy. Difficulty Easy |
| 类型: | WEB |
| 网站: | bugku |
| 题目链接: | https://ctf.bugku.com/challenges/detail/id/2022.html |
| 赛事: | SEETF2022 |
| 年度: | 2022 |
| Flag值: | 无 |
| writeup: |
验证后的网址 使用DNS rebinding攻击绕过advocate库的SSRF防护,通过两次请求的不同响应访问/flag端点 https://blog.xenosf.io/SEETF%202022/Web/Super%20Secure%20Requests%20Forwarder/ 通过构造恶意服务器返回不同响应(首次返回正常内容,二次重定向至localhost/flag)实现漏洞利用 1 https://blog.csdn.net/weixin_45751765/article/details/125149348 |