OWASP Juice Shop SSRF
In some versions, Juice Shop implements a simple url.startsWith('https://') check. Attackers bypass with:
curl "http://localhost:3000/api/Image?url=http://localhost:3000/encryptionkey.txt"
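A prefix check like the one described above inspects only the start of the string, so it says nothing about which host the server ends up fetching. The following is an added example, not Juice Shop's own code: the function names and the images.example.com allowlist are assumptions, and the sample URLs are constructed from the one on this page. It compares the prefix check with a validator that decides on the parsed URL.

```javascript
// Added example; names and allowlist are assumptions, not Juice Shop code.

// The check the page describes: only the string prefix is inspected.
function prefixCheck(url) {
  return url.startsWith('https://');
}

// Hypothetical allowlist of hosts the server may fetch images from.
const ALLOWED_HOSTS = new Set(['images.example.com']);

// Hardened check: parse first, then decide on the parsed components.
function validateImageUrl(raw) {
  let u;
  try {
    u = new URL(raw);
  } catch {
    return { ok: false, reason: 'unparseable' };
  }
  if (u.protocol !== 'https:') return { ok: false, reason: 'scheme' };
  // Reject credentials in the authority part of the URL.
  if (u.username || u.password) return { ok: false, reason: 'userinfo' };
  // The URL parser lower-cases the hostname; drop a trailing dot as well.
  const host = u.hostname.replace(/\.$/, '');
  // Exact-match allowlist: loopback names and IP literals never match.
  if (!ALLOWED_HOSTS.has(host)) return { ok: false, reason: 'host' };
  // A default port is normalised to '' by the parser.
  if (u.port !== '') return { ok: false, reason: 'port' };
  // The caller should fetch u.href with redirects disabled, otherwise an
  // allowed host can still bounce the request to an internal address.
  return { ok: true, url: u.href };
}

// Constructed sample inputs.
const SAMPLES = [
  'http://localhost:3000/encryptionkey.txt',  // target URL from the page
  'https://localhost:3000/encryptionkey.txt', // same host, https scheme
  'https://images.example.com/cat.png',       // intended use
];

// Run both checks over the samples and return the verdicts side by side.
function compareChecks() {
  return SAMPLES.map((url) => {
    const v = validateImageUrl(url);
    return { url, prefix: prefixCheck(url), hardened: v.ok, reason: v.reason };
  });
}

console.table(compareChecks());
```

The second sample passes the prefix check yet is rejected by the validator with reason `host`; only the allowlisted URL passes both.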