Seems like a pretty straightforward section, but I don’t seem to be able to read the file.
I’ve tried two endpoints. I used “/api/v1/products” to update the product’s photo using this payload: “PNGPhotoFileURI”: “file:///etc/flag.conf”. When I try to retrieve the photo, I get the error “Failed to get the product’s photo”.
The same happens when using the “api/v1/supplier-companies” endpoint to update the certificate URI with “CertificateOfIncorporationPDFFileURI”: “file:///etc/flag.conf”. I get an error when trying to read the file: “base64Data”: “An error occurred while reading the file.”
Server-Side Request Forgery (SSRF) is a type of API attack where an attacker tricks a server into making unauthorized requests, potentially exposing internal services. Similarly, using a Bus Simulator Ultimate mod APK compromises security, as modified files may contain malicious code, leading to vulnerabilities like data breaches or game crashes.