Basic SSRF against another back-end system

This lab has a stock check feature which fetches data from an internal system.

To solve the lab, use the stock check functionality to scan the internal 192.168.0.X range for an admin interface on port 8080, then use it to delete the user carlos.

The lab tells you the target is somewhere in 192.168.0.X on port 8080; you need to reach the admin page there to delete carlos.

The payload to remove carlos is http://192.168.0.152:8080/admin/delete?username=carlos. Get the payload by right-clicking the delete link and copying its address, or by viewing the HTML code in the response.
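
On the defensive side, the stock check should never let the client choose which back-end address is fetched. The validator below is an added example, not part of the original write-up or the lab's code; the host name stock.internal.example and the /product/stock/ path are assumed placeholders for the one legitimate stock service.

```python
import ipaddress
from urllib.parse import unquote, urlsplit

# Assumed placeholders: the one back-end origin and path the stock check may reach.
ALLOWED_ORIGINS = {("http", "stock.internal.example", 8080)}
ALLOWED_PATH_PREFIX = "/product/stock/"


def check_stock_url(url):
    """Return (allowed, reason) for a client-supplied stock-check URL."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable URL"

    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    if scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo not allowed"
    if port is None:
        port = 443 if scheme == "https" else 80

    # Reject IP literals outright: the client should never choose the address.
    try:
        ipaddress.ip_address(host)
        return False, "IP literal host"
    except ValueError:
        pass

    if (scheme, host, port) not in ALLOWED_ORIGINS:
        return False, "origin not on allowlist"
    path = unquote(parts.path)
    if not path.startswith(ALLOWED_PATH_PREFIX) or ".." in path.split("/"):
        return False, "path not allowed"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs; the second is the URL from the write-up.
    for u in (
        "http://stock.internal.example:8080/product/stock/check?productId=1",
        "http://192.168.0.152:8080/admin/delete?username=carlos",
    ):
        print(u, "->", check_stock_url(u))
```

The HTTP client that performs the fetch should also have redirect following disabled, since an allowlisted URL that redirects elsewhere would bypass this check.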
