web | Pro | medium
Lab 92 — EventPulse — SSRF via IPv6 Bypass in Webhook Verification
hackadvisor
Task: The EventPulse webhook platform has a URL verification feature with an IPv4-only SSRF blocklist. Solution: Bypass the string-based URL filter using the IPv6-mapped IPv4 address [::ffff:127.0.0.1] to reach the internal metadata service on port 3001 and retrieve the flag from /internal/flag.
$ ls tags/ techniques/
tags: ssrf, nodejs, nginx, express, internal_service, honeypot, webhook, ipv6, url_validation, blocklist_bypass, ipv6_mapped_ipv4, metadata_endpoint, anti_ai_trap, prompt_injection_decoy
techniques: ipv6_mapped_ipv4_bypass, url_validation_bypass, internal_service_enumeration, ssrf_via_webhook_verify, response_body_exfiltration
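For defenders, the weakness summarized above is easiest to see with a string-based IPv4-only filter next to a check that classifies the parsed address. This is an added example, not code from the lab or the writeup: `naiveIsBlocked`, `isInternalTarget` and the helper names are hypothetical, and the naive regex is a constructed stand-in for the lab's filter.

```javascript
// Constructed stand-in for a string-based, IPv4-only blocklist (not the lab's code).
function naiveIsBlocked(urlString) {
  return /^https?:\/\/(localhost|127\.|10\.|169\.254\.|192\.168\.)/i.test(urlString);
}

// First two octets are enough to classify the internal IPv4 ranges checked here.
function isInternalV4(a, b) {
  return a === 0 || a === 10 || a === 127 || (a === 169 && b === 254) ||
         (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Expand a WHATWG-normalized IPv6 literal (hex groups only) into 8 integers.
function expandIPv6(addr) {
  const [head, tail] = addr.split('::');
  const h = head ? head.split(':') : [];
  const t = tail ? tail.split(':') : [];
  const zeros = tail === undefined ? [] : Array(8 - h.length - t.length).fill('0');
  return [...h, ...zeros, ...t].map((g) => parseInt(g, 16));
}

// Hardened check: classify the parsed address, not the URL text.
function isInternalTarget(urlString) {
  const host = new URL(urlString).hostname; // e.g. "[::ffff:7f00:1]" for [::ffff:127.0.0.1]
  if (/^\d+\.\d+\.\d+\.\d+$/.test(host)) {
    const [a, b] = host.split('.').map(Number);
    return isInternalV4(a, b);
  }
  if (host.startsWith('[')) {
    const g = expandIPv6(host.slice(1, -1));
    const mapped = g.slice(0, 5).every((x) => x === 0) && g[5] === 0xffff;
    if (mapped) return isInternalV4(g[6] >> 8, g[6] & 0xff); // ::ffff:a.b.c.d
    if (g.slice(0, 7).every((x) => x === 0) && g[7] <= 1) return true; // :: and ::1
    return (g[0] & 0xfe00) === 0xfc00 || (g[0] & 0xffc0) === 0xfe80; // fc00::/7, fe80::/10
  }
  // Hostnames must also be resolved and each resulting address re-checked (not shown).
  return host === 'localhost' || host.endsWith('.localhost');
}

const probe = 'http://[::ffff:127.0.0.1]:3001/internal/flag'; // address and path from the writeup
console.log(naiveIsBlocked(probe), isInternalTarget(probe));
```

The check only covers address literals; a webhook verifier also needs to apply the same classification to every address a hostname resolves to, at connection time.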