Triskel 1: First Contact

Server-side Request Forgery (SSRF)


Coronavirus affected our airport so much that our dev team developed an app to keep track of it! I mean they didn't have much time to make it, but what could go wrong?

by Remsio


Pivoting from the previously found IP address, we scan this IP address to find that there is a HTTP service running on it.

This seems to be the app that the challenge is talking about.

While fuzzing the input, I found that it uses curl.

Additionally, it appears that the IP address in the URL is checked against a whitelist of allowed IP ranges. These were,, and 10.0.43/24.

We can run a Burp intruder scan to find out what other hosts we can connect to through

Indeed, on scanning the network, we find and is a valid endpoint.

Last updated