Basic SSRF against another back-end system
https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-backend-system

Let's check out the stock.

We can intercept the request using Burpsuite and send it to the Intruder
.

We do not know the IP address of the back-end system. We can find it by fuzzing all the IP addresses in the network.
Let's set the stockApi
parameter to the following:
http://192.168.0.X:8080/admin
For the payload, the type is Numbers
from 1-255.

Let's start the attack.
After some time we can see the only request that returned a 200
response code is the one where the last field is 59
.

This means that the IP address of the backend system is 192.168.0.59
.
Finally, we have to send the request to the Repeater
and set the stockAPI
parameter to the following:
http://192.168.0.159:8080/admin/delete?username=carlos

We have solved the lab

Last updated
Was this helpful?