Date : 04 Mar, 2025

This lab has a stock check feature which fetches data from an internal system.

To solve the lab, change the stock check URL to access the admin interface at http://localhost/admin and delete the user carlos.

ACCESS THE LAB

Goal:

Access the internal admin panel by editing the stockApi parameter and manually delete a
user via the admin UI.

###  STEPS :

1. Browse to /admin and observe that you can't directly access the admin page.

2. Visit a product, click "Check stock", intercept the request in Burp Suite, and send it to Burp Repeater.

3. Change the URL in the stockApi parameter to http://localhost/admin. This should display the administration interface.

4. Read the HTML to identify the URL to delete the target user, which is:

   http://localhost/admin/delete?username=carlos

5. Submit this URL in the stockApi parameter, to deliver the SSRF attack.

Summary :

This lab teaches that SSRF vulnerabilities can be used to:

• Bypass frontend restrictions
• Access localhost-only services
• Perform sensitive actions on internal systems