Basic SSRF against another back-end system

https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-backend-system

Let's check out the stock.

We can intercept the request using Burpsuite and send it to the Intruder.

We do not know the IP address of the back-end system. We can find it by fuzzing all the IP addresses in the network.

Let's set the stockApi parameter to the following:

http://192.168.0.X:8080/admin

For the payload, the type is Numbers from 1-255.

Let's start the attack.

After some time we can see the only request that returned a 200 response code is the one where the last field is 59.

This means that the IP address of the backend system is 192.168.0.59.

Finally, we have to send the request to the Repeater and set the stockAPI parameter to the following:

http://192.168.0.159:8080/admin/delete?username=carlos

We have solved the lab

Last updated 1 year ago

Was this helpful?