A10:2021 | Server Side Request Forgery (3) | Cycubix Docs

Change the request, so the server gets information from http://ifconfig.pro

Click the button and figure out what happened.

Solution

Like in the previous exercise, intercept with ZAP the request.

As it is requested by the exercise, we need to change the URL parameters into “http://ifconfig.pro”.