SSRF Notes: PortSwigger Labs
Lab 2: Basic SSRF against another back-end system
Task: This lab has a stock check feature that fetches data from an internal system.
To solve the lab, use the stock check functionality to scan the internal 192.168.0.X range for an admin interface on port 8080, then use it to delete the user Carlos.
This lab is only slightly different from the previous one: we need to use the SSRF vulnerability to scan the internal network, find the host serving a web app on port 8080, and then delete the user Carlos. The stock check functionality remains the same as in the previous lab:
The stock check URL is now different, pointing to an internal, non-routable IP address.
Using Burp Intruder, we brute-forced the 192.168.0.X range and found the host at 192.168.0.170.
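As an added defender-side example (not part of the original post or the lab), here is the server-side check that would have stopped this sweep, plus a detector that flags a client whose stockApi values walk across many internal hosts. The allowlisted hostname, the log format and the log lines are all constructed for this example.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed allowlist: the only back end the stock checker should ever fetch from.
ALLOWED_HOSTS = {"stock.example.com"}
ALLOWED_SCHEMES = {"http", "https"}

def is_internal_address(host):
    """True if host is an IP literal outside the globally routable space
    (private 192.168.0.0/16 and 10/8, loopback, link-local, etc.)."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname, not an IP literal; the allowlist decides
    return not addr.is_global

def validate_stock_api(url):
    """Decide whether a submitted stockApi value may be fetched server-side.
    Returns (ok, reason); the allowlist is the real control."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    host = parsed.hostname or ""
    if not host:
        return False, "missing host"
    if is_internal_address(host):
        return False, "non-routable address"
    if host not in ALLOWED_HOSTS:
        return False, "host not in allowlist"
    return True, "ok"

def flag_range_scans(log_lines, threshold=5):
    """Return clients whose stockApi values hit >= threshold distinct internal
    hosts, the signature of an Intruder-style sweep of 192.168.0.X."""
    hosts_per_client = {}
    for line in log_lines:
        client, api_url = line.split(" ", 1)  # constructed format: "<client> <stockApi>"
        host = urlparse(api_url).hostname or ""
        if is_internal_address(host):
            hosts_per_client.setdefault(client, set()).add(host)
    return sorted(c for c, h in hosts_per_client.items() if len(h) >= threshold)

# Constructed sample log: one client sweeping the range, one normal client.
SAMPLE_LOG = [
    f"203.0.113.5 http://192.168.0.{i}:8080/admin" for i in range(1, 7)
] + [
    "198.51.100.9 http://stock.example.com:8080/product/stock/check?productId=1",
    "198.51.100.9 http://192.168.0.170:8080/admin",
]
```

The IP-literal check only catches addresses written as literals; a hostname that resolves to an internal address is stopped by the allowlist, not by this check.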
I just love to see you explaining stuff; you're really good at that because you don't skip anything.
Well, hopefully we're gonna learn a lot here. Waiting to see how you deal with more complex challenges.
Thanks, Abdulhameed.