Lab: Basic SSRF against the local server

The web application has a stock functionality.


Decode the URL.

Change the URL to the following, then just decode it using Ctrl+U (it will decode as URL):

http://localhost/admin

We can see that we can delete the user carlos using the URL that is being provided.

Change the URL to that.

Then we solve the lab, since we deleted the user carlos.

We can verify this by visiting the admin panel again.
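
A server-side check that would have refused the http://localhost/admin request used above, shown as an added example that is not part of the original write-up or the lab's code. The allowlisted host name stock.internal.example, port 8080, and the function names are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumption (constructed for this example): the single backend the stock
# feature legitimately needs, and the port it listens on.
ALLOWED = {("stock.internal.example", 8080)}


def resolve_all(host, port):
    """Return every IP address the host name resolves to."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, port)})


def is_local(ip):
    """True if the address points back at this machine or its own link."""
    addr = ipaddress.ip_address(ip)
    mapped = getattr(addr, "ipv4_mapped", None)  # e.g. ::ffff:127.0.0.1
    if mapped is not None:
        addr = mapped
    return addr.is_loopback or addr.is_unspecified or addr.is_link_local


def check_stock_url(url, resolver=resolve_all):
    """Return (allowed, reason) for a URL the server is asked to fetch."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = (parts.hostname or "").lower()
    port = port or (443 if parts.scheme == "https" else 80)
    # First layer: only the known stock backend may be contacted at all.
    if (host, port) not in ALLOWED:
        return False, "destination not on allowlist"
    # Second layer: an allowlisted name must not resolve to this machine.
    try:
        ips = resolver(host, port)
    except OSError:
        return False, "host does not resolve"
    if not ips or any(is_local(ip) for ip in ips):
        return False, "resolves to a local address"
    return True, "ok"
```

The fetch that follows should connect to the address that was validated and should not follow redirects, otherwise the check and the request can end up at different destinations.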
