Server Side Request Forgery

50 Points

SSRF

Author

sambecks, 22 June 2018

Level

Validations

89 Challengers 1%

Note

20 Votes

To reach this part of the site please login

Solution

Submit a solution

Challenge Results

Pseudo	Challenge	Lang	date
Cadmium	Server Side Request Forgery		17 July 2018 at 10:30
B14CK SPID3R	Server Side Request Forgery		17 July 2018 at 10:28
Styix	Server Side Request Forgery		17 July 2018 at 00:11
cactuschibre	Server Side Request Forgery		17 July 2018 at 00:11
booyaabes	Server Side Request Forgery		17 July 2018 at 00:11
di0zx	Server Side Request Forgery		15 July 2018 at 15:50
ahervi15	Server Side Request Forgery		15 July 2018 at 00:29
0xUKN	Server Side Request Forgery		13 July 2018 at 22:33
berga	Server Side Request Forgery		13 July 2018 at 21:33
dsavitski	Server Side Request Forgery		13 July 2018 at 21:04

55 Challenges

Results	Challenge's Name	Validations	Number of points	Difficulty	Author	Note	Solution
	HTML	50% 45036	5		g0uZ		1
	HTTP - Open redirect	12% 10761	10		Swissky		9
	Command injection	11% 9916	10		sambecks		7
	Weak password	39% 35028	10		g0uZ		5
	User-agent	26% 23279	10		g0uZ		8
	Backup file	20% 17625	15		g0uZ		6
	HTTP directory indexing	27% 23720	15		g0uZ		4
	HTTP Headers	17% 15272	15		Arod		8
	HTTP verb tampering	16% 14327	15		g0uZ		8
	Install files	17% 14871	15		g0uZ		2
	Improper redirect	13% 11471	15		Arod		8
	CRLF	10% 8955	20		g0uZ		5
	File upload - double extensions	12% 10776	20		g0uZ		8
	File upload - MIME type	10% 8249	20		g0uZ		6
	HTTP cookies	15% 13243	20		g0uZ		5
	Directory traversal	13% 11182	25		g0uZ		1
	File upload - null byte	9% 7805	25		g0uZ		4
	PHP assert()	5% 3707	25		Birdy42		8
	PHP filters	8% 7040	25		g0uZ		3
	PHP register globals	7% 5844	25		g0uZ		1
	File upload - ZIP	2% 1609	30		ghozt		3
	Command injection - Filter bypass	2% 1219	30		sambecks		6
	Local File Inclusion	10% 9016	30		g0uZ		3
	Local File Inclusion - Double encoding	5% 4042	30		zM		3
	PHP - Loose Comparison	2% 1087	30		ghozt		3
	PHP preg_replace()	4% 3172	30		sambecks		4
	PHP type juggling	4% 3012	30		vic511		3
	Remote File Inclusion	5% 3987	30		g0uZ		6
	Server-side Template Injection	4% 3196	30		righettod		3
	SQL injection - authentication	14% 12688	30		g0uZ		11
	SQL injection - authentication - GBK	3% 2208	30		dvor4x		3
	SQL injection - string	7% 5882	30		g0uZ		7
	XSLT - Code execution	1% 741	30		ghozt		5
	LDAP injection - authentication	5% 3712	35		g0uZ		8
	NoSQL injection - authentication	3% 2587	35		mastho		5
	Path Truncation	3% 1843	35		Geluchat		3
	PHP Serialization	3% 2595	35		Arod		2
	SQL injection - numeric	6% 4815	35		g0uZ		5
	SQL Injection - Routed	2% 1005	35		soka		4
	SQL Truncation	3% 2113	35		Geluchat		2
	XML External Entity	2% 1390	35		sambecks		1
	XPath injection - authentication	4% 2781	35		g0uZ		3
	Java - Spring Boot	1% 544	40		dvor4x		2
	Local File Inclusion - Wrappers	1% 879	40		sambecks		2
	SQL injection - Error	3% 2086	40		sambecks		3
	SQL injection - Insert	1% 902	40		sambecks		2
	SQL injection - file reading	2% 1715	40		Arod		1
	XPath injection - string	2% 1512	40		g0uZ		2
	NoSQL injection - blind	1% 810	45		ghozt		3
	SQL injection - Time based	2% 1535	45		ycam		2
	Server Side Request Forgery	1% 89	50		sambecks		0
	SQL injection - blind	4% 2875	50		g0uZ		4
	LDAP injection - blind	2% 1071	55		g0uZ		1
	XPath injection - blind	1% 677	75		g0uZ		2
	SQL injection - filter bypass	1% 629	80		sambecks		4