Lab 205 — DockForge — SSRF in Webhook Test Endpoint

hackadvisor

Task: DockForge container registry with webhook test feature that performs server-side HTTP requests without SSRF protection. Solution: Created webhook pointing to internal metadata service (127.0.0.1:3001) disclosed in settings page, triggered test delivery to extract secrets via full-read SSRF.

ssrf nodejs information_disclosure nginx express internal_service webhook metadata_service container_registry

ssrf_via_webhookinternal_service_discoverywebhook_test_endpoint_abuseno_url_validationfull_read_ssrf

$ ls tags/ techniques/

ssrf nodejs information_disclosure nginx express internal_service webhook metadata_service container_registry

ssrf_via_webhookinternal_service_discoverywebhook_test_endpoint_abuseno_url_validationfull_read_ssrf

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Lab 116 — InsightForge — IDOR via Undocumented Internal API— hackadvisor
[web][Pro]WebhookForge— hackadvisor
[web][Pro]Lab 209 — BuildForge — Path Traversal in Static File Serving— hackadvisor
[web][Pro]Lab 104 — CloudOps Copilot — AI SSRF via Infrastructure Tool Abuse— hackadvisor
[web][Pro]Lab 282 — StreamForge — SSRF via Webhook Test Bypasses Proxy Auth— hackadvisor