Lab 282 — StreamForge — SSRF via Webhook Test Bypasses Proxy Auth

hackadvisor

Task: StreamForge monitoring dashboard has nginx proxy blocking /admin/* endpoints, but a webhook test feature allows full-read SSRF with response body returned. Solution: use SSRF to scan localhost ports, discover gunicorn backend on port 3001 behind nginx (port 8080), hit /admin/system-config directly on backend bypassing proxy auth to retrieve the flag from master_key field.