[SSRF] Lab 1: Basic SSRF against the local server




This lab is part of my journey toward the Burp Suite Certified Practitioner certification, and it sits on the server-side vulnerabilities pathway from PortSwigger.



As usual, the first thing I always do is visit the site without a proxy; I just want a basic understanding of how the site is structured.



The site looks like some type of shop with multiple products, each with a price and a rating. Let's see what other information we can gather to help us reach the admin interface.



My thought process right now is to visit the different products and see whether a stock quantity is shown for each one, since this kind of web application can usually be exploited by capturing the request it makes to a local REST API to query the stock quantity.


Stock info: possible SSRF vulnerability found!

We can see there is an option to check the stock quantity of a product, so let's route the request through FoxyProxy and Burp and see what information we can get.


As we can see, a request is being made to some type of API. If we simply change the value of the stockApi= parameter, we might be able to reach the admin page by exploiting the trust relationship the web application has with requests that appear to come from the local machine: the application server, not our browser, is the one that fetches whatever URL stockApi points at.



Before I send this request I need to make sure I URL-encode the new URL, since it is going inside a form body. Luckily Burp Suite can encode as you type, and can also convert highlighted text to URL encoding.



After forwarding the request, we can see that we gain access to view the /admin page:


And because we exploited the trust relationship the web app has with requests coming from the local machine, which do not need to be authenticated, I can now delete Carlos.









Hmm, an issue: how can I make it seem like localhost is making the request to delete Carlos?

I think if I copy the request header from when I try to delete Carlos and pass that URL back through stockApi, I should be able to trick the server.



If I copy that and pass it to my request, let's see what happens…



This method worked, but because I did it in Repeater I got an error.
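To make the two steps above concrete (rewriting stockApi to point at /admin, URL-encoding it, and then pushing the delete URL through the same channel), here is an added example that is not code from the original write-up or from PortSwigger. It models the shop's stock-check endpoint offline: a pretend internal fetcher, the vulnerable handler that follows whatever URL the client supplies, and a hardened handler beside it. The internal URL layout (/admin, /admin/delete?username=...), the stock API hostname stock.weliketoshop.net, the user list and the allowlist are assumptions chosen to mirror the lab; nothing here touches a real network.

```python
from urllib.parse import urlsplit, urlencode, parse_qs
import ipaddress

# Constructed stand-in for the lab's internal services. The admin pages trust
# anything that reaches them from the local machine, which is the trust
# relationship the SSRF abuses. User list and URL layout are assumptions.
ADMIN_USERS = {"wiener", "carlos"}
LOOPBACK_NAMES = {"localhost", "127.0.0.1"}


def internal_fetch(url: str) -> str:
    """Pretend HTTP client for the shop's back end. Only the application
    server itself can reach these URLs, so every request looks local."""
    parts = urlsplit(url)
    host, path = parts.hostname or "", parts.path
    if host in LOOPBACK_NAMES and path == "/admin":
        return "admin panel: " + ", ".join(sorted(ADMIN_USERS))
    if host in LOOPBACK_NAMES and path == "/admin/delete":
        user = parse_qs(parts.query).get("username", [""])[0]
        ADMIN_USERS.discard(user)
        return f"deleted {user}"
    if host == "stock.weliketoshop.net" and path == "/product/stock/check":
        return "stock: 42"
    return "404 not found"


def build_payload(target_url: str) -> str:
    """URL-encode the target the same way Burp's 'encode as you type' does,
    so ':' '/' '?' '=' survive as data inside the form body."""
    return urlencode({"stockApi": target_url})


def handle_request(handler, body: str) -> str:
    """Model the server side: decode the form body, then hand the
    stockApi value to the handler under test."""
    stock_api = parse_qs(body).get("stockApi", [""])[0]
    return handler(stock_api)


def check_stock_vulnerable(stock_api: str) -> str:
    """The lab's behaviour: fetch whatever URL the client supplied."""
    return internal_fetch(stock_api)


ALLOWED_HOSTS = {"stock.weliketoshop.net"}  # assumed allowlist
ALLOWED_PATH = "/product/stock/check"       # assumed


def is_internal_address(host: str) -> bool:
    """Reject the 'localhost' name and any literal non-global IP: catches
    127.0.0.1, 10.x.x.x, 169.254.x.x (cloud metadata) and IPv6 ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        return False  # a hostname, not a literal IP


def check_stock_hardened(stock_api: str) -> str:
    """Same endpoint, but scheme, host and path are pinned to the one
    upstream the feature actually needs."""
    parts = urlsplit(stock_api)
    host = parts.hostname or ""
    if parts.scheme not in ("http", "https"):
        return "400 bad scheme"
    if is_internal_address(host) or host not in ALLOWED_HOSTS:
        return "400 host not allowed"
    if parts.path != ALLOWED_PATH:
        return "400 path not allowed"
    return internal_fetch(stock_api)


if __name__ == "__main__":
    # Walk the lab: view /admin, delete carlos, confirm, then show the fix.
    for target in ("http://localhost/admin",
                   "http://localhost/admin/delete?username=carlos",
                   "http://localhost/admin"):
        print(build_payload(target), "->",
              handle_request(check_stock_vulnerable, build_payload(target)))
    print(handle_request(check_stock_hardened,
                         build_payload("http://localhost/admin")))
```

The allowlist is the control that actually closes the hole; the literal-IP check is only belt and braces for services that must accept arbitrary hosts, and on its own it is bypassed by a DNS name that resolves to loopback, by a redirect from an allowed host, or by alternative encodings of the address. A real fetcher should resolve the name itself, check every returned address, and refuse to follow redirects.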


One of the things I noticed, though, is that I have two cookies…



Wait, why two cookies? I mean, I like cookies, but two is strange. It seems I have two sessions open now, though, which makes sense.