A10:2021 | Server Side Request Forgery (3) | Cycubix Docs

Change the request, so the server gets information from http://ifconfig.pro

Click the button and figure out what happened.

Solution

  • Like in the previous exercise, intercept with ZAP the request.

  • As it is requested by the exercise, we need to change the URL parameters into "http://ifconfig.pro".

Last updated