Local File Inclusion - Forever CTF (web)

Exploit SSRF for Local File Disclosure In this challenge, we analyze a web application that fetches resources based on user-supplied input. This behavior often points to a Server-Side Request Forgery (SSRF) vulnerability. 1. Identifying the Vulnerability We test the application by attempting to access a local system file using the file:// URI scheme. By submitting the payload file:///etc/passwd , we can check if the server will read and return its own internal configuration files. The application successfully returns the contents of the /etc/passwd file. This confirms the application is SSRF positive , specifically allowing for Local File Disclosure (LFD) . 2. Retrieving the Flag The lab description indicates that the flag is located at /flag.txt . Using the confirmed vulnerability, we modify our payload to target that specific file path: Payload: file:///flag.txt The server processes the request and reveals the flag: utflag{g0t_y0ur_r3s0urc3!}