Tags: swampctf2019

### Problem Description

It's the year 1997 and the Internet is just heating up! :fire:

In order to get ahead of the curve, SIT Industries® has introduced its first Internet product: The Link Saver™. SIT Industries® has been very secretive about this product - even going so far as to hire Kernel Sanders® to test the security!

However, The Kernel discovered that The Link Saver had a little bit of an SSRF problem that allowed any user to fetch the code for The Link Saver™ from https://localhost/key and host it themselves :grimacing:. Fortunately, with a lil' parse_url magic, SIT Industries® PHP wizards have patched this finding from Kernel Sanders® and are keeping the code behind this wonderful site secure!

... or have they? :wink:

chal1.swampctf.com:1244

-= Created by andrewjkerr =-

- - - -

### Solution

After connecting to the [website](http://chal1.swampctf.com:1244/) of the challenge, we obtain the following page:

There was an input field in the page allowing us to send a request to the URL we wanted.

After some tries I noticed that the only accepted URL was _www.google.com_. Taking this into account, I tried injecting _http://google.com#@localhost/key_.



```html
<html>
<body>

<form action="/" method="POST">
<input type="submit" />
</form>
```
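
A `parse_url`-based allow-list is only safe when the component that validates the URL and the component that fetches it agree on which host the string names. The sketch below is an added example, not the challenge's code: it rejects the characters parsers tend to disagree on, checks each parsed component, and rebuilds the URL from validated parts so the raw input never reaches the fetcher. The names `ALLOWED_HOSTS` and `canonical_url` and the allow-list contents are assumptions.

```php
<?php
// Added example (hypothetical helper, not the challenge's source).

const ALLOWED_HOSTS = ['www.google.com', 'google.com']; // assumption: the intended allow-list

function canonical_url(string $raw): ?string
{
    // Reject characters that URL parsers are known to interpret differently:
    // fragment marker, userinfo separator, backslash, whitespace, control bytes.
    if (preg_match('/[#@\\\\\s\x00-\x1f]/', $raw)) {
        return null;
    }
    $p = parse_url($raw);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return null;
    }
    $scheme = strtolower($p['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;
    }
    // No userinfo, explicit port or fragment may survive parsing.
    if (isset($p['user']) || isset($p['pass']) || isset($p['port']) || isset($p['fragment'])) {
        return null;
    }
    $host = strtolower($p['host']);
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        return null;
    }
    // Rebuild from validated parts; the fetcher only ever sees this string.
    $url = $scheme . '://' . $host . ($p['path'] ?? '/');
    if (isset($p['query'])) {
        $url .= '?' . $p['query'];
    }
    return $url;
}

// Constructed sample inputs; the second is the string from the write-up.
$samples = [
    'http://www.google.com/search?q=ctf',
    'http://google.com#@localhost/key',
    'http://google.com@localhost/key',
    'http://localhost/key',
];
foreach ($samples as $s) {
    printf("%-40s => %s\n", $s, canonical_url($s) ?? 'REJECTED');
}
```

When the rebuilt URL is handed to cURL, leave `CURLOPT_FOLLOWLOCATION` disabled so a redirect from an allowed host cannot point the request back at an internal address.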