Basic SSRF against another back-end system
https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-backend-system
Last updated
https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-backend-system
Last updated
Let's check out the stock.
We can intercept the request using Burpsuite and send it to the Intruder
.
We do not know the IP address of the back-end system. We can find it by fuzzing all the IP addresses in the network.
Let's set the stockApi
parameter to the following:
For the payload, the type is Numbers
from 1-255.
Let's start the attack.
After some time we can see the only request that returned a 200
response code is the one where the last field is 59
.
This means that the IP address of the backend system is 192.168.0.59
.
Finally, we have to send the request to the Repeater
and set the stockAPI
parameter to the following:
We have solved the lab