https://stream.echo6.co/videos/watch/5ccae423-257c-44be-a56a-e267770dc817 I made a web hacking challenge for the Cyber Security Challenge Germany (cscg) 2021. Grab the files: https://github.com/LiveOverflow/ctf-screenshotter Cyber Security Challenge Germany: https://www.cscg.de/ 00:00 - Introduction to screenshotter app 00:58 - Setup the challenge 01:38 - First overview of functionality 03:07 - Review application architecture 03:51 - The chrome service 04:19 - The main app service 05:07 - Chrome service IP leak 06:22 - The app secret 06:54 - Methodology: go for complex features 09:22 - The flagger/admin service 11:30 - First attack idea: XSS 11:55 - Reviewing flask templates 13:09 - Useless self-XSS? 13:38 - Bypass demo restriction 15:45 - Using the Chrome SSRF? 17:00 - Leak websites of other users 18:31 - THE EXPLOIT! 22:04 - Outro -=[ ❤️ Support ]=- → Support: https://liveoverflow.com/support → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🐕 Social ]=- → Twitter: https://twitter.com/LiveOverflow/ → Website: https://liveoverflow.com/ → Subreddit: https://www.reddit.com/r/LiveOverflow/ → Facebook: https://www.facebook.com/LiveOverflow/ Wed, 15 Apr 2026 09:50:05 GMT https://validator.w3.org/feed/docs/rss2.html PeerTube - https://stream.echo6.co https://stream.echo6.co/client/assets/images/icons/icon-512x512.png https://stream.echo6.co/videos/watch/5ccae423-257c-44be-a56a-e267770dc817 All rights reserved, unless otherwise specified in the terms specified at https://stream.echo6.co/about and potential licenses granted by each content's rightholder.