SSRF Solution

SSRF room is another informational room that teaches you about new type of vulnerabilities.

the room is fairly simple so only solutions will be provided, it’s also a part of Jr Penetration Tester path.

What does SSRF stand for?

server-side request forgery

As opposed to a regular SSRF, what is the other type?


For the next question the answer to the website will be

so what happens above is we added our own website and then we added ‘&’ since it means a new variable for the server, so it’ll be ignored and the server will process the first one which is our SSRF.

What is the flag from the SSRF Examples site?


What website can be used to catch HTTP requests from a server?

What method can be used to bypass strict rules?

Open Redirect

What IP address may contain sensitive data in a cloud environment?

What type of list is used to permit only certain input?

Allow List

What type of list is used to stop certain input?

Deny List

What is the flag from the /private directory?


and that would be all for this room, hope you got what you were looking for.