1. Open the SSRF lab and select any product from the catalog
2. Scroll down and click the “Check Stock” button
3. Go to Burp Suite → Navigate to the HTTP History tab → Right-click on the POST /product/stock request and send it to Repeater
4. In the Repeater tab, locate the stockApi parameter
5. Modify its value to http://192.168.0.12:8080/admin and observe the server response
6. The server returns an “Invalid URL” message: the stockApi value is filtered, so an internal address cannot be supplied directly
7. To bypass this filter, we need to find a path on the application that is affected by an open redirection vulnerability, since the stock checker will follow redirects issued by the shop itself
8. Go back to HTTP History and look for the request GET /product?productId=1
9. Scroll down in the response and find the “next product” link (/product/nextProduct), which redirects to product ID 2
10. Right-click on the request and send it to Repeater
11. Modify the request as shown below and click the Send button in Repeater
12. GET /product/nextProduct?currentProductId=1&path=/product?productId=2
13. The server responds with a Location header: Location: /product?productId=2
14. This confirms that the application is vulnerable to open redirection, which we can now exploit
15. Go back to the first Repeater tab (stock check request) and modify the stockApi parameter to:
stockApi=/product/nextProduct?currentProductId=1&path=http://192.168.0.12:8080/admin
16. Highlight the value and URL-encode it (Ctrl+U in Burp), then send the request
17. The response now contains the admin page: the stock checker accepted the relative path, followed the open redirect to the internal host, and the filter was bypassed
18. Next, our objective is to delete the user “carlos”
19. Modify the path parameter to:
http://192.168.0.12:8080/admin/delete?username=carlos
20. Return to your browser, and you should see that the lab is successfully solved
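The chain above works because the stock checker validates only the URL it is handed, not the URL it ends up at after a redirect, and because the nextProduct endpoint redirects to any absolute URL placed in path. The following is an added defensive example, not code from the writeup or from the lab's own implementation: it shows an allowlist check for stockApi that refuses relative paths, a same-origin guard for the redirect target, and a fetch loop that re-validates every redirect hop. The allowlisted host, SHOP_ORIGIN, the function names and the fake back-end responses are constructed for illustration; only the 192.168.0.12:8080 address comes from the writeup.

```python
"""Defensive checks for the two weaknesses chained in the lab above.

Added example; not part of the original writeup or of the lab's code.
Allowlist host, shop origin, function names and fake responses are assumptions.
"""
from urllib.parse import urlsplit, urljoin

# Hosts the stock-check back end may contact (constructed allowlist).
ALLOWED_STOCK_HOSTS = {"stock.internal.example"}
# Origin of the shop itself, used to resolve relative redirect targets (constructed).
SHOP_ORIGIN = "https://shop.example"

REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def is_allowed_stock_url(url: str) -> bool:
    """Allowlist check for a stockApi value.

    Requires http(s), a listed host and a default port. A relative path such as
    /product/nextProduct?... has no scheme or host and is therefore refused, which
    closes the hop the open-redirect bypass relies on.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = parts.hostname
    if host is None or host.lower() not in ALLOWED_STOCK_HOSTS:
        return False
    try:
        port = parts.port
    except ValueError:  # non-numeric port component
        return False
    return port is None or port in (80, 443)


def is_safe_redirect_path(path: str) -> bool:
    """Open-redirect guard for the nextProduct 'path' parameter.

    Accepts only a same-origin relative path: absolute URLs, scheme-relative
    '//host' forms and backslash variants are rejected, and the resolved target is
    compared against the shop origin to catch anything else that changes the host.
    """
    if not path.startswith("/") or path.startswith(("//", "/\\")):
        return False
    resolved = urlsplit(urljoin(SHOP_ORIGIN, path))
    origin = urlsplit(SHOP_ORIGIN)
    return (resolved.scheme, resolved.netloc) == (origin.scheme, origin.netloc)


# Constructed stand-in for the network: url -> (status, headers, body).
FAKE_RESPONSES = {
    "http://stock.internal.example/check": (200, {}, "stock: 43"),
    # An allowlisted host that redirects to the internal admin interface.
    "http://stock.internal.example/moved": (
        302, {"Location": "http://192.168.0.12:8080/admin"}, ""),
    "http://192.168.0.12:8080/admin": (200, {}, "admin panel"),
}


def fetch_stock(url: str, max_hops: int = 3) -> str:
    """Fetch a stock URL, re-validating every redirect hop against the allowlist.

    Checking only the first URL is the gap the lab exploits; here a redirect to a
    non-allowlisted host is refused exactly like a direct request to it.
    """
    for _ in range(max_hops + 1):
        if not is_allowed_stock_url(url):
            return "Invalid URL"
        status, headers, body = FAKE_RESPONSES.get(url, (404, {}, "not found"))
        if status in REDIRECT_STATUSES and "Location" in headers:
            url = urljoin(url, headers["Location"])  # resolve, then loop to re-check
            continue
        return body
    return "Too many redirects"


if __name__ == "__main__":
    print(fetch_stock("http://stock.internal.example/check"))   # stock: 43
    print(fetch_stock("http://stock.internal.example/moved"))   # Invalid URL
    print(fetch_stock("/product/nextProduct?currentProductId=1"
                      "&path=http://192.168.0.12:8080/admin"))  # Invalid URL
    print(is_safe_redirect_path("/product?productId=2"))        # True
    print(is_safe_redirect_path("http://192.168.0.12:8080/admin"))  # False
```

The two checks are independent: fixing only the stockApi allowlist leaves the open redirect available for phishing, and fixing only the redirect leaves the stock checker one misconfigured allowlisted host away from reaching internal services again, so both belong in the fix.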