webmedium

110 - Retro Search (Ретро поиск) - duckerz CTF

duckerz

Task: Retro-styled search engine with URL fetch functionality. Solution: Exploited SSRF via file:// protocol to read source code, discovered WAF blocking internal IPs, bypassed WAF using decimal IP format to access internal admin service.

$ ls tags/ techniques/
waf_bypassflaskssrflfi
source_code_analysisssrffile_protocol_lfidecimal_ip_bypass
🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub, then upgrade to Pro.

$ssh [email protected]