Translation As A Service

Description

Moving from one language to another can be rather difficult. Translation As A Service is a system that will allow you to smoothly use our own custom and unique translation algorithm, to transition from your own language to another.

http://translate.challenges.bsidestlv.com/

Solution

We access the site and see a user interface which allows translating from English to Spanish:

For example:

After playing around a bit, it appeared that the service is vulnerable to server-side request forgery (SSRF):

We can see that if we request a URI, we get the source code. What if we try to access localhost?

The request is being blocked by a WAF. If it's based on a blacklist, we might be able to bypass it using a different way to express localhost. PayloadsAllTheThings is very helpful with this.

We can use the following Python script to try anything that looks like a URI from the cheat sheet:

The output:

Octal representation did the trick.

The flag: BSidesTLV{S$RF-1N-TR4NSLAT3-!Z-S0-KEWL!}