
Looking at the server code, the server tries to filter the input, then creates a new page and pastes the input into it. The server then automatically requests that page.
The flag is on the same page, stored in the third "" tag. So we can try to bypass the filter to get XSS and send the flag to our server by SSRF.

Full payload: 404 Not Found

erolo June 14, 2021, 8:08 a.m.

Looks good but doesn't work. Can you provide me with a detailed writeup?