Assessment

Question 1

Which of the following would make for a good vAPI request to test for SSRF?

Solution

/vapi/serversurfer

Which type of SSRF attacks is vAPI susceptible to?

Solution

What HTTP status code does vAPI's serversurfer respond with when using http://127.0.0.1 as a payload?

Solution

403

What HTTP status code does vAPI's serversurfer respond with for a successful SSRF attack?

Solution

200

What happens to data retrieved by vAPI with a successful in-band SSRF attack against the serversurfer?

Solution

The resources retrieved are sent back base64 encoded

Last updated 1 year ago

Which of the following would make for a good vAPI request to test for SSRF?

Solution

/vapi/serversurfer

Which type of SSRF attacks is vAPI susceptible to?

Solution

What HTTP status code does vAPI's serversurfer respond with when using http://127.0.0.1 as a payload?

Solution

403

What HTTP status code does vAPI's serversurfer respond with for a successful SSRF attack?

Solution

200

What happens to data retrieved by vAPI with a successful in-band SSRF attack against the serversurfer?

Solution

The resources retrieved are sent back base64 encoded

Last updated 1 year ago