Basic SSRF against another back-end system

1

Let's check out the stock.

2

We can intercept the request using Burp Suite and send it to Intruder.

3

After setting the stockAPI field to the following, with the X marked as the payload position, we can select the payloads.

http://192.168.0.X:8080/admin

For the payload, the type is Numbers, from 1 to 255.

4

Let's start the attack.

After some time, we can see the only request that returned a 200 response code.

5

Finally, we have to send the request to the Repeater and set the stockAPI field to the following:

http://192.168.0.159:8080/admin/delete?username=carlos

6

We have solved the lab.
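As an added example that is not part of this write-up, here is the server side of the same lab: an allowlist check on the stockAPI URL that would reject both the 192.168.0.X sweep and the /admin/delete request, plus a log check that flags a client probing many internal hosts. The hostname stock.shop-backend.example, the log line format and the client addresses are constructed placeholders; hostname-based checks still need the resolved address checked at request time, which this example does not cover.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed allowlist: the only back end the stock checker is meant to call.
ALLOWED_STOCK_HOSTS = {"stock.shop-backend.example"}  # placeholder, not the lab's host


def is_internal(host: str) -> bool:
    """True when host is an IP literal outside the public ranges (RFC 1918, loopback, ...)."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname, not a literal; the allowlist decides those
    return not ip.is_global


def validate_stock_url(url: str) -> bool:
    """Accept only http(s) URLs to an allowlisted host. This rejects every
    192.168.0.X:8080/admin value from the sweep and the delete request alike."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    if is_internal(parts.hostname):  # defence in depth: never fetch internal IPs
        return False
    return parts.hostname in ALLOWED_STOCK_HOSTS


def find_sweeps(log_lines, threshold: int = 5) -> dict:
    """Detection side: per client, count distinct internal hosts seen in stockAPI.
    Many distinct internal hosts from one client is the footprint of the Intruder sweep."""
    targets = defaultdict(set)
    for line in log_lines:
        m = re.search(r"client=(\S+) .*stockAPI=(\S+)", line)
        if not m:
            continue
        host = urlsplit(m.group(2)).hostname or ""
        if is_internal(host):
            targets[m.group(1)].add(host)
    return {client: len(hosts) for client, hosts in targets.items() if len(hosts) >= threshold}


# Constructed application log lines (not real lab traffic): one client probing
# 192.168.0.1-8 on port 8080, one legitimate stock check.
SAMPLE_LOG = [
    f"client=10.10.1.7 stockAPI=http://192.168.0.{i}:8080/admin status=500" for i in range(1, 9)
] + ["client=10.10.1.8 stockAPI=http://stock.shop-backend.example/stock?productId=1 status=200"]
```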
