Server-Side Request Forgery (SSRF) - PortSwigger Labs
Lab: Basic SSRF against another back-end system
Apr 17, 2022
Objectives:
This lab has a stock check feature that fetches data from an internal system.
To solve the lab, use the stock check functionality to scan the internal 192.168.0.X
range for an admin interface on port 8080, then use it to delete the user carlos.
Lab walkthrough
Let's check the application.
Looks like stockAPI is making an HTTP request to this IP address (localhost), 192.168.0.1.
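As an added defensive example (not part of this write-up or the lab's code), the check the stock feature is missing: the `stockApi` destination is validated against an allowlisted host and rejected when it is a literal private, loopback or link-local address, and the same check is run over constructed log lines to show how a client walking the 192.168.0.X range on port 8080 stands out. The allowlist host and log format are assumptions.

```python
import ipaddress
from urllib.parse import urlparse, unquote

# Hypothetical allowlist of hosts the stock checker may contact (assumed).
ALLOWED_STOCK_HOSTS = {"stock.example.com"}

def check_stock_target(stock_api_url):
    """Return (allowed, reason) for a stockApi destination.

    Rejects non-http(s) schemes, literal IPs in private/loopback/link-local
    ranges, and any host that is not on the allowlist.
    """
    parsed = urlparse(stock_api_url)
    if parsed.scheme not in ("http", "https"):
        return False, "scheme not http(s)"
    host = parsed.hostname
    if host is None:
        return False, "no host"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a hostname, not a literal IP
    if ip is not None and (ip.is_private or ip.is_loopback or ip.is_link_local):
        return False, f"internal address {ip}"
    if host not in ALLOWED_STOCK_HOSTS:
        return False, f"host {host} not in allowlist"
    return True, "ok"

# Constructed sample log: "<client ip> stockApi=<url-encoded target>" per line.
SAMPLE_LOG = """
10.0.0.5 stockApi=http%3A%2F%2Fstock.example.com%2Fproduct%2Fstock%2Fcheck%3FproductId%3D1
203.0.113.9 stockApi=http%3A%2F%2F192.168.0.1%3A8080%2Fadmin
203.0.113.9 stockApi=http%3A%2F%2F192.168.0.2%3A8080%2Fadmin
203.0.113.9 stockApi=http%3A%2F%2F192.168.0.3%3A8080%2Fadmin
"""

def internal_targets_by_client(log_text):
    """Map each client to the distinct internal hosts it tried to reach via
    stockApi; several hosts from one client is a range sweep, not stock checks."""
    hits = {}
    for line in log_text.strip().splitlines():
        client, _, param = line.partition(" stockApi=")
        target = unquote(param)
        allowed, reason = check_stock_target(target)
        if not allowed and reason.startswith("internal address"):
            hits.setdefault(client, set()).add(urlparse(target).hostname)
    return hits
```

The check only inspects the literal host; an allowlisted name must also be resolved and pinned to a non-internal address before the request is made, or DNS rebinding sidesteps it.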