Burp Suite User Forum

Login to post

Lab: Blind SSRF with Shellshock exploitation

Thoms | Last updated: Feb 23, 2021 02:40PM UTC

Hey everybody! So I resolved this lab with the help of the solution but I still didn't get every part of it. First, the Collaborator Everywhere Issues gives us which Information when they show "Collaborator Pingback (HTTP): Referer" and "Collaborator Pingback (HTTP): user-Agent"? It may explains that the lab site has visited the URL specified in the Referer header, but what about the user-agent issue? Then, how did we know that the server was on the 8080 port because I was looking for an address that looks like 192.168.0.X so I would have never found the internal server address!!!

Michelle, PortSwigger Agent | Last updated: Feb 25, 2021 10:38AM UTC

Thanks for your message. We've updated the Lab description to mention port 8080. This is mentioned in other labs but was missed from this one, so thanks for letting us know! For your other question, the lab fetches the URL in the Referer header due to the "analytics software". The fact that it reuses the User-Agent header from your original request is just down to the configuration of this particular lab. Please let us know if you need any further assistance.

You need to Log in to post a reply. Or register here, for free.