Lab: Basic SSRF against another back-end system

To solve the lab, use the stock check functionality to scan the internal 192.168.0.X range for an admin interface on port 8080, then use it to delete the user carlos.

The main web page

It has a stock-checker feature.

If you test it, you will see that it sends a POST request whose stockAPI parameter holds the URL the server then connects to on an internal system.

Change it to 192.168.0.X:8080 as the exercise statement says and sweep the range to see which addresses respond. Only the access point (.1) returns a 200 and .34 returns a 404; every other address returns HTTP 500 Internal Server Error.

Connecting to the admin panel, we can see both users and the option to delete them.
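The root cause is that the server fetches whatever URL the stockAPI parameter carries. Below is an added example of the server-side validation that closes this hole (not the lab's own code): the allowlisted hostname, the port set and the parameter name are assumptions, and the resolver is injectable so the check runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Assumed allowlist: the only back-end the stock checker should ever reach.
# Hostname and ports are constructed for this example.
ALLOWED_HOSTS = {"stock-api.example.net"}
ALLOWED_PORTS = {80, 443, 8080}


def is_internal(ip_str):
    """True for loopback, RFC 1918, link-local, reserved or other non-routable addresses."""
    ip = ipaddress.ip_address(ip_str)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def validate_stock_api_url(url, resolver=socket.gethostbyname):
    """Return (ok, detail) for a user-supplied stockAPI value.

    Only http(s) to an allowlisted hostname on an allowlisted port passes, and the
    name must not resolve into internal address space. On success `detail` is the
    resolved IP, which the caller should connect to directly.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parsed.hostname
    if not host:
        return False, "no host"
    # Literal IPs (192.168.0.1, 127.0.0.1, [::1], ...) are never acceptable here:
    # the legitimate back-end is addressed by name only.
    try:
        ipaddress.ip_address(host)
        return False, "literal IP address not allowed"
    except ValueError:
        pass
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not in allowlist"
    port = parsed.port or (443 if parsed.scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        return False, f"port {port} not allowed"
    # An allowlisted name can still be pointed at 192.168.0.X through DNS, so check
    # the resolved address and connect to that same address (avoids a rebinding race).
    try:
        resolved = resolver(host)
    except OSError:
        return False, "name resolution failed"
    if is_internal(resolved):
        return False, f"{host} resolves to internal address {resolved}"
    return True, resolved
```

Using a fixed allowlist rather than a blocklist is what makes the 192.168.0.X sweep impossible; the resolved-address check covers the case where the allowlisted name itself is under an attacker's DNS control.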
