cyberhub.es
  • Home
  • Solved CTFs
    • PicoCTF
      • PicoCTF 2024 writeup
  • Portswigger Lab writeup
    • Access control
    • API Testing
    • CORS
    • Cross-site scripting
    • CSRF
    • File upload
    • GraphQL API vulnerabilities
    • NoSQL injection
    • OS command injection
    • Path traversal
    • SQL injection
    • SSRF
    • Web LLM attacks
    • WebSockets

Category: SSRF

SSRF with filter bypass via open redirection vulnerability

Description: This lab has a stock check feature which fetches data from an internal system. To solve the lab, change the stock check URL to access the admin interface at http://192.168.0.12:8080/admin and delete the user carlos. The stock checker has been restricted to only access the local application, so you will need to find an open redirect affecting […]

SSRF with blacklist-based input filter

Description: This lab has a stock check feature which fetches data from an internal system. To solve the lab, change the stock check URL to access the admin interface at http://localhost/admin and delete the user carlos. The developer has deployed two weak anti-SSRF defenses that you will need to bypass. SSRF with blacklist-based input filter writeup: On entering […]

Blind SSRF with out-of-band detection

Description: This site uses analytics software which fetches the URL specified in the Referer header when a product page is loaded. To solve the lab, use this functionality to cause an HTTP request to the public Burp Collaborator server. Blind SSRF with out-of-band detection writeup: When we start the lab we will find an online shop: We fire up the […]

Basic SSRF against another back-end system

Description: This lab has a stock check feature which fetches data from an internal system. To solve the lab, use the stock check functionality to scan the internal 192.168.0.X range for an admin interface on port 8080, then use it to delete the user carlos. Basic SSRF against another back-end system writeup: When we start the lab we will find a shop […]

Basic SSRF against the local server

Description: This lab has a stock check feature which fetches data from an internal system. To solve the lab, change the stock check URL to access the admin interface at http://localhost/admin and delete the user carlos. Basic SSRF against the local server writeup: When we start the lab we will find an online shop: We are going to look for the functionality of ‘stock […]
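The five labs listed above share one root cause: the server fetches whatever URL arrives in the stock check parameter, and the two "weak anti-SSRF defenses" and the open-redirect restriction only look at how that URL is spelled. The Python below is an added example written for this page, not code from any of the writeups or from PortSwigger. It models a substring blacklist beside a check that canonicalizes or resolves the host and refuses non-global addresses, and a fetcher that validates only the first URL beside one that re-validates every redirect hop (the bypass the open-redirection lab relies on). The hostname stock.example.com, the DNS table, the /redirect endpoint and the two blacklisted strings are constructed assumptions; the page does not list the lab's actual filter rules or redirect endpoint. The target http://192.168.0.12:8080/admin is the one the open-redirection lab names.

```python
import ipaddress
from urllib.parse import urlsplit, urljoin

# Constructed DNS table standing in for the real resolver; nothing here touches the network.
FAKE_DNS = {
    "stock.example.com": ["93.184.216.34"],  # constructed public address for the stock API host
    "localhost": ["127.0.0.1"],
}

# Substring blacklist of the kind the blacklist-based lab defeats. The lab's real rules are
# not listed on this page; these two strings are an assumption.
BLOCKED_SUBSTRINGS = ("localhost", "127.0.0.1")


def blacklist_allows(url: str) -> bool:
    """Weak defense: reject only the literal spellings of the loopback host."""
    return not any(s in url.lower() for s in BLOCKED_SUBSTRINGS)


def _component(part: str) -> int:
    """Decode one inet_aton-style component: hex (0x..), octal (leading 0) or decimal."""
    if part[:2].lower() == "0x":
        return int(part[2:], 16)
    if len(part) > 1 and part[0] == "0":
        return int(part, 8)
    return int(part, 10)


def canonical_ipv4(host: str):
    """Normalize the loose literals inet_aton accepts ('127.1', '2130706433', '0x7f000001')
    to an IPv4Address; return None when host is not a numeric IPv4 literal at all."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        nums = [_component(p) for p in parts]
    except ValueError:
        return None
    if any(not 0 <= v <= 255 for v in nums[:-1]):
        return None
    last_bits = 32 - 8 * (len(nums) - 1)  # the last component fills the remaining bytes
    if not 0 <= nums[-1] < (1 << last_bits):
        return None
    value = 0
    for v in nums[:-1]:
        value = (value << 8) | v
    return ipaddress.IPv4Address((value << last_bits) | nums[-1])


def resolves_internal(url: str, dns=FAKE_DNS) -> bool:
    """Stronger check: canonicalize or resolve the host and refuse anything that is not a
    globally routable address (loopback, RFC 1918, link-local, or unresolvable)."""
    host = urlsplit(url).hostname
    if host is None:
        return True
    literal = canonical_ipv4(host)
    addrs = [literal] if literal else [ipaddress.ip_address(a) for a in dns.get(host, [])]
    return not addrs or any(not a.is_global for a in addrs)


# Constructed responses from the stock API host; /redirect is an open redirect of the kind
# the open-redirection lab asks you to find (the real endpoint is not named on this page).
ADMIN_URL = "http://192.168.0.12:8080/admin"
REDIRECT_URL = "http://stock.example.com/redirect?to=" + ADMIN_URL
STOCK_URL = "http://stock.example.com/product/stock/check?productId=1"
FAKE_SERVER = {
    REDIRECT_URL: (302, ADMIN_URL),
    ADMIN_URL: (200, "admin interface"),
    STOCK_URL: (200, "stock: 42"),
}


def fetch(url: str, revalidate_each_hop: bool, max_hops: int = 5) -> str:
    """Simulated server-side fetch. With revalidate_each_hop=False the check runs only on
    the URL the user submitted, so a 302 can carry the request to the internal host."""
    if resolves_internal(url):
        return "blocked"
    for _ in range(max_hops):
        status, payload = FAKE_SERVER.get(url, (404, "not found"))
        if status != 302:
            return payload
        url = urljoin(url, payload)  # follow the redirect the way an HTTP client would
        if revalidate_each_hop and resolves_internal(url):
            return "blocked"
    return "too many redirects"


if __name__ == "__main__":
    for candidate in ("http://127.0.0.1/admin", "http://127.1/admin", "http://2130706433/admin"):
        print(candidate, "blacklist allows:", blacklist_allows(candidate),
              "resolver check blocks:", resolves_internal(candidate))
    print("open redirect, first-hop check only:", fetch(REDIRECT_URL, revalidate_each_hop=False))
    print("open redirect, per-hop check:", fetch(REDIRECT_URL, revalidate_each_hop=True))
```

The canonicalizer exists because the filter and the HTTP client must agree on what a host string means: inet_aton happily accepts "127.1", a bare decimal, or a hex literal, so a blacklist that compares strings is checking a different address than the one the socket will connect to. Re-validating after each redirect matters for the same reason: the only URL the attacker controls may be perfectly clean, and the 302 from the trusted host does the rest.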


All rights reserved