web medium

Звездный сейф (Star Safe)

hackerlab

Task: PHP web application with avatar upload feature and admin panel. Solution: SSRF via hidden avatar URL field to bypass localhost IP whitelist and extract admin credentials from internal endpoint.

$ ls tags/ techniques/
SSRF via avatar URL field during registration
Localhost IP whitelist bypass
Admin secret extraction via internal request
Authentication bypass using leaked credentials
