[web][Pro][medium]
PingForge
hackadvisor
Task: PingForge is a webhook platform whose URL validation blocklist is meant to prevent SSRF to an internal metadata service on localhost:3001.
Solution: Bypass the blocklist using an IPv6-mapped IPv4 address (::ffff:127.0.0.1) to reach the internal /credentials endpoint and extract the flag from the AWS IAM secret_access_key.
$ ls tags/ techniques/
tags/: sqlite ssrf nodejs nginx express webhook ipv6 honeypot_flag url_validation blocklist_bypass ipv6_mapped_ipv4 metadata_endpoint aws_credentials
techniques/: ssrf_via_webhook ipv6_mapped_ipv4_bypass url_validation_bypass internal_service_enumeration webhook_delivery_log_exfiltration decoy_flag_avoidance
Similar writeups
- [web][Pro] Lab 6 — HookRelay — SSRF via IPv6-Mapped-IPv4 Bypass — hackadvisor
- [web][Pro] Lab 347 — PushRelay — SSRF via URL Parsing Confusion in Webhook Tester — hackadvisor
- [web][Pro] WebhookForge — hackadvisor
- [web][Pro] Lab 91 — PingRadar — SSRF Filter Bypass via Open Redirect Chain — hackadvisor
- [web][Pro] Lab 92 — EventPulse — SSRF via IPv6 Bypass in Webhook Verification — hackadvisor