: The application allows users to update their profile picture by providing a URL. The backend server fetches the image from the supplied URL without proper validation, allowing an attacker to coerce the server into making unintended requests. Technical Analysis
Juice Shop will not return real metadata, but the challenge is marked as solved if it attempts to connect to that IP. The validation logic in Juice Shop checks whether your provided URL points to 169.254.169.254 (or any loopback/internal address). juice shop ssrf
Or more classically: The functionality, where you provide a URL to an image of your broken juice. The server tries to fetch that image to validate it. : The application allows users to update their
Because the server makes the request, the error response might reveal internal paths, but the actual flag is obtained by pointing to: The validation logic in Juice Shop checks whether