A10:2021 | Server Side Request Forgery (2) | Cycubix Docs

Find and modify the request to display Jerry

Click the button and figure out what happened.

Solution

  • Open ZAP and launch the browser. Go into the corresponding lesson, click on "Steel the Cheese" and intercept the POST request.

  • We can see in the url request tom.png. Send the post to the Manual Request Editor and change tom for jerry.

Last updated