Web Screen

S C E N A R I O
A web service allows users to submit a URL and receive a rendered screenshot of the requested webpage. The service operates by visiting the provided URL using a headless browser and returning the result.

Initial testing shows that the service is capable of accessing internal resources, suggesting potential server-side request behavior. Further inspection reveals that the browser used by the service is running an outdated version, which may expose it to known vulnerabilities.

This combination of server-side URL fetching and a vulnerable browser environment creates an opportunity to move beyond simple request manipulation and potentially compromise the underlying system.

O B J E C T I V E
Analyze the screenshot service to identify weaknesses in how it processes user-supplied URLs. Investigate the browser environment used by the service and determine how outdated components may introduce security risks. Leverage these findings to gain deeper access to the system and retrieve the flag.

Infrastructure Web Screenshot Service using Headless Browser
Provided Files None (black-box testing)
Flag Format Flag{}