Basic SSRF against another back-end system

This lab has a stock check feature which fetches data from an internal system.

To solve the lab, use the stock check functionality to scan the internal 192.168.0.X range for an admin interface on port 8080, then use it to delete the user carlos.

they give you some info 192.168.0.X on port 8080 and need to get to admin page to delete carlos

payload to remove carlos is get the payload from right clicking the link and getting the link. or view the html code from response.

Last updated