Can you leverage the SSRF vulnerability to identify port 3002 listening locally on the web server? Answer format: Yes, No
I don’t get it?
dfgdfdfgdfd@htb[/htb]$ echo "http://<VPN/TUN Adapter IP>:<LISTENER PORT>" | tr -d '\n' | base64
dfgdfdfgdfd@htb[/htb]$ curl "http://<TARGET IP>:3000/api/userinfo?id=<BASE64 blob>"
the api is at port 3000, other application are utilizing 3002 and no SSRF on 3002.
So what’s the solution to the question? (obviously not by guessing yes or no. lol.)