SSRF Vulnerability on Major Gaming Company
Challenge Description
You've found a gaming company's content service that fetches resources from URLs you provide. But what happens when you point it somewhere the developers never intended - like the server's own internal network?
Based on a real critical finding that allowed access to internal cloud infrastructure and sensitive credentials at a major gaming company.
Your mission, should you choose to accept it: trick the server into making requests it shouldn't, reach what's hidden inside, and extract the flag.
Challenge URL
플래그 제출
