Brokerboard

183

It's the year 1997 and the Internet is just heating up! :fire:

In order to get ahead of the curve, SIT Industries® has introduced its first Internet product: The Link Saver™. SIT Industries® has been very secretive about this product - even going so far as to hire Kernel Sanders® to test the security!

However, The Kernel discovered that The Link Saver had a little bit of an SSRF problem that allowed any user to fetch the code for The Link Saver™ from https://localhost/key and host it themselves :grimacing:. Fortunately, with a lil' parse_url magic, SIT Industries® PHP wizards have patched this finding from Kernel Sanders® and are keeping the code behind this wonderful site secure!

... or have they? :wink:

chal1.swampctf.com:1244

-= Created by andrewjkerr =-

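The site appears to reject the input when the hostname of the entered URL is localhost. A vulnerability in the parse_url() function appears to make it possible to have the hostname misinterpreted. Entering the following displays the flag.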

1

The flag is:
flag{y0u_cANn0t_TRU5t_php}
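For the defensive side of the write-up above, here is an added example (not the challenge's code and not the author's) of an SSRF check that does not depend on comparing parse_url()'s host string with localhost. The function names `resolve_public_target` and `fetch_pinned` are hypothetical; the sketch assumes IPv4-only resolution and the PHP curl extension.

```php
<?php
// Added example, not the challenge's code; function names are hypothetical.
// Returns the validated fetch target, or null if the URL must be rejected.
function resolve_public_target(string $url): ?array
{
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return null;
    }
    $scheme = strtolower($p['scheme']);
    // Web schemes only, no credentials: userinfo is where URL parsers and
    // HTTP clients most often disagree about which host is meant.
    if (!in_array($scheme, ['http', 'https'], true) || isset($p['user']) || isset($p['pass'])) {
        return null;
    }
    // Conservative hostname alphabet; anything else never reaches the client.
    if (!preg_match('/\A[a-z0-9](?:[a-z0-9.-]{0,251}[a-z0-9])?\z/i', $p['host'])) {
        return null;
    }
    // Decide on resolved addresses, not the hostname string, so any name or
    // literal that lands on loopback or a private range is refused.
    $flags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    $ips = gethostbynamel($p['host']) ?: [];
    $ok = array_filter($ips, fn($ip) => filter_var($ip, FILTER_VALIDATE_IP, $flags) !== false);
    if ($ips === [] || count($ok) !== count($ips)) {
        return null;
    }
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    // Rebuild the URL from validated parts instead of reusing the raw input.
    $clean = "$scheme://{$p['host']}:$port" . ($p['path'] ?? '/')
           . (isset($p['query']) ? '?' . $p['query'] : '');
    return ['url' => $clean, 'pin' => "{$p['host']}:$port:{$ips[0]}"];
}

// Fetch with the connection pinned to the address that was validated above,
// so the client cannot resolve the name to something else afterwards.
function fetch_pinned(array $target)
{
    $ch = curl_init($target['url']);
    curl_setopt_array($ch, [
        CURLOPT_RESOLVE        => [$target['pin']],
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION => false,   // a redirect would skip the check
        CURLOPT_RETURNTRANSFER => true,
    ]);
    return curl_exec($ch);
}

// Constructed input: the internal URL named in the challenge text.
var_dump(resolve_public_target('https://localhost/key'));
```

The check is made on the resolved address and the same address is handed to curl, so the validator and the HTTP client cannot end up with different ideas of the destination host.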