Could you possibly share writeup?

[punitdarji]

Hi Captain!
I am creating lab for SSRF. COuld you possibly share writeup for your tasks?
Thank you

[Captain-K-101]

Hi There yea sure , i'll be happy to but i am currently a bit busy, i'll send it in the upcoming 2-3 days

[dycyber]

Hi Captain,I think you forgot. I take the liberty to ask you for a writeup.
Thanks!

[sahilabbasi]

Can we fetch forbidden file using fopen() in php

[Captain-K-101]

Hey @dycyber, sorry for the late response, but for writeup, i am currently swarmed with work so might not be able to make a writeup for this in the upcoming future but once free will definitely get on this .
The attacks are pretty simple to exploit basic understanding of SSRF should be enough for exploitation
for any reference materials or stuff u can ping me on twitter @Captainkay11

[Captain-K-101]

@sahilabbasi if u do have control over the fopen name parameter being passed it's possible to read files using basic lfi, but again there would be certain criteria too ,ie adequate permissions be there to read etc...

[sahilabbasi]

Bro i ask it that can we fetch forbidden file (flag.php ) using ssrf Vulernbility because when I try to fetch it it's only give me a forbidden error :(