Challenge 33 of 66

Server Spy

🟠 Hard Web App +100 XP

A URL preview feature fetches any URL you provide. Trick it into fetching an internal service at http://169.254.169.254/flag.

Server Spy // sandbox
SSRF = Server-Side Request Forgery. The server fetches URLs for you — including internal ones.
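
A server-side check for the URL preview feature described above, as an added example that is not part of the original challenge page. It validates the address a hostname resolves to rather than the URL string; `check_preview_url`, the `resolver` parameter and the `.test` hostnames with their DNS answers are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed DNS answers so the example runs offline (not real records).
CONSTRUCTED_DNS = {
    "public.test": {"93.184.216.34"},
    "metadata-alias.test": {"169.254.169.254"},  # name pointing at link-local
}

def constructed_resolver(host):
    return CONSTRUCTED_DNS.get(host, set())

def system_resolver(host):
    """Resolve via the OS; returns every address the fetcher could connect to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def check_preview_url(url, resolver=system_resolver):
    """Return (allowed, reason) for a user-supplied preview URL."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        addrs = {str(ipaddress.ip_address(host))}   # host is an IP literal
    except ValueError:
        try:
            addrs = resolver(host)                  # host is a name
        except OSError:
            return False, "resolution failed"
    if not addrs:
        return False, "resolution failed"
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        # Judge IPv4-mapped IPv6 addresses by the IPv4 address they carry.
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped
        # is_global is False for link-local (169.254.0.0/16), loopback,
        # private and other reserved ranges, so every answer must pass.
        if not ip.is_global:
            return False, f"{ip} is not a public address"
    return True, "ok"
```

The fetcher should then connect to the address that was validated, and run the same check again on every redirect target before following it.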
