Web service & api attacks

dfgdfdfgdfd · July 30, 2022, 4:04pm

Can you leverage the SSRF vulnerability to identify port 3002 listening locally on the web server? Answer format: Yes, No

I don’t get it?

dfgdfdfgdfd@htb[/htb]$ echo "http://<VPN/TUN Adapter IP>:<LISTENER PORT>" | tr -d '\n' | base64
dfgdfdfgdfd@htb[/htb]$ curl "http://<TARGET IP>:3000/api/userinfo?id=<BASE64 blob>"

the api is at port 3000, other application are utilizing 3002 and no SSRF on 3002.
So what’s the solution to the question? (obviously not by guessing yes or no. lol.)

dr0p · August 29, 2022, 10:36pm

Hey, have you figured it out?

dfgdfdfgdfd · August 29, 2022, 11:08pm

Yes, I mean, I got the correct answer on that question by guessing “Yes”.
But I still didn’t get the solution to arrive at that answer.

dr0p · August 30, 2022, 10:23am

same ahah