SSRF Notes: PortSwigger Labs Continued


Lab 3: SSRF with blacklist-based input filter


Task: This lab has a stock check feature which fetches data from an internal system. To solve the lab, change the stock check URL to access the admin interface at http://localhost/admin and delete the user carlos. The developer has deployed two weak anti-SSRF defenses that you will need to bypass.

This lab is just like the previous ones, except that we need to bypass a blacklist-based input filter. This is what a normal request to the stock check feature looks like:


Passing http://localhost/admin to the stockApi parameter does not work this time. We get this response:


That's the filter blocking us. It turned out that 127.0.0.1, localhost and admin are all blacklisted, so none of them can be used directly. After trying a couple of things, the following request was able to bypass the filter:


We get the following response:


So to complete the lab we just proceed to delete carlos:



And that's it, lab solved.
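The reason the blacklist above is weak is that it matches strings in the submitted URL rather than pinning down the one backend the feature is meant to call. As an added illustration (not code from the lab or from PortSwigger), the Python below reconstructs a substring blacklist of the kind the post describes, then places an allowlist-based validator beside it that checks scheme, host, port and normalised path, and finally shows the design that removes the problem entirely: accept only a product id and build the backend URL server-side. The host stock.internal.example, port 8080 and path /product/stock/check are constructed for this example, not taken from the lab.

```python
import posixpath
from urllib.parse import urlsplit, urlunsplit, urlencode

# Weak filter, reconstructed from the post's description: reject any URL that
# contains one of these substrings. It reasons about text, not about where the
# server will actually connect, which is why it can be sidestepped.
BLACKLISTED_SUBSTRINGS = ("127.0.0.1", "localhost", "admin")


def blacklist_allows(url: str) -> bool:
    lowered = url.lower()
    return not any(bad in lowered for bad in BLACKLISTED_SUBSTRINGS)


# Hardened filter: an allowlist describing the single backend this feature may
# reach. Host, port and path prefix are constructed values for this example.
ALLOWED_SCHEME = "http"
ALLOWED_HOST = "stock.internal.example"
ALLOWED_PORT = 8080
ALLOWED_PATH_PREFIX = "/product/stock/check"


def allowlist_allows(url: str) -> bool:
    """Accept only URLs that point at the expected stock backend."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != ALLOWED_SCHEME:
        return False
    if parts.username is not None or parts.password is not None:
        return False  # credentials in the authority are never expected here
    if parts.hostname != ALLOWED_HOST:  # hostname is already lower-cased
        return False
    if port != ALLOWED_PORT:
        return False
    # Collapse "." and ".." segments before the prefix check so a path cannot
    # escape the stock endpoint.
    path = posixpath.normpath(parts.path or "/")
    if path != ALLOWED_PATH_PREFIX and not path.startswith(ALLOWED_PATH_PREFIX + "/"):
        return False
    return True


def build_stock_url(product_id: str, store_id: str) -> str:
    """Preferred design: the client never supplies a URL at all, only ids."""
    if not (product_id.isdigit() and store_id.isdigit()):
        raise ValueError("product and store ids must be numeric")
    query = urlencode({"productId": product_id, "storeId": store_id})
    netloc = f"{ALLOWED_HOST}:{ALLOWED_PORT}"
    return urlunsplit((ALLOWED_SCHEME, netloc, ALLOWED_PATH_PREFIX, query, ""))


if __name__ == "__main__":
    # Constructed inputs: the legitimate stock request and the lab's target URL.
    legit = "http://stock.internal.example:8080/product/stock/check?productId=1&storeId=1"
    target = "http://localhost/admin"
    for url in (legit, target):
        print(f"{url}\n  blacklist: {blacklist_allows(url)}  allowlist: {allowlist_allows(url)}")
    print("server-built:", build_stock_url("1", "1"))
```

The allowlist rejects anything that is not the expected scheme, host and port, and normalises the path before comparing it, so a URL that names a different host (or the same host with a traversal in the path) is refused regardless of how it is spelled. `build_stock_url` goes one step further: if the server constructs the URL from validated ids, there is no user-controlled URL left to filter.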




