Basic SSRF Against Another Back-End System | PortSwigger Lab (Apprentice)
In this video, I demonstrate how to exploit Server-Side Request Forgery (SSRF) to scan an internal network (192.168.0.X) and access an admin interface on port 8080 to delete the user "carlos."

Lab Summary:
- The application has a stock check feature that queries an internal system.
- The target admin interface is hosted on an internal IP (192.168.0.X) on port 8080.
- Our goal is to use SSRF to enumerate the internal network, find the admin panel, and send a request to delete the user "carlos."

🛠️ Exploitation Techniques Used:
✅ Modifying the stock check URL to target the internal network (192.168.0.X)
✅ Scanning internal IPs by observing response differences
✅ Finding the admin panel on port 8080
✅ Sending a request to delete "carlos" via SSRF

Why This Matters:
SSRF is commonly used to pivot into internal networks, especially in cloud environments and corporate infrastructures. Attackers use this technique to:
✅ Enumerate internal services (port scanning)
✅ Access sensitive endpoints (admin panels, metadata APIs)
✅ Exploit internal APIs that aren't exposed to the internet

⚡ Stay Updated!
🔔 Subscribe for more bug bounty tips, hacking tutorials, and PortSwigger lab walkthroughs!
👍 Like & Share if you found this helpful!

#BugBounty #SSRF #EthicalHacking #PortSwigger #CyberSecurity #WebSecurity
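The other side of the lab, as an added defender-side example that is not from the video or from PortSwigger: the stock check feature is exploitable because the server fetches whatever URL the client supplies, so the fix is to validate that URL before fetching (reject internal address literals and anything outside a fixed host allow-list), and the "scan internal IPs by observing response differences" step leaves a log pattern that can be flagged. The `stockApi` parameter name, the allow-listed host and the log line format are assumptions made for this example.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Hypothetical allow-list: the only host the stock check is allowed to contact.
ALLOWED_STOCK_HOSTS = {"stock.example-internal.test"}


def is_internal_address(host: str) -> bool:
    """True if host is an IP literal in a private, loopback, link-local or reserved range."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname, not an IP literal; handled by the allow-list
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved


def validate_stock_url(url: str) -> tuple[bool, str]:
    """Decide whether a client-supplied stockApi URL may be fetched server-side."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parsed.hostname or ""
    if is_internal_address(host):
        return False, "internal address"  # blocks 192.168.0.X:8080 style targets
    if host not in ALLOWED_STOCK_HOSTS:
        return False, "host not in allow-list"  # no resolving, so no DNS tricks
    return True, "ok"


# Constructed log format (assumption): "client=<ip> stockApi=<url>"
LOG_RE = re.compile(r"client=(\S+) stockApi=(\S+)")


def flag_enumeration(log_lines, threshold: int = 3) -> list[str]:
    """Clients whose stockApi values hit >= threshold distinct internal addresses."""
    targets: dict[str, set[str]] = {}
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        client, url = m.groups()
        host = urlparse(url).hostname or ""
        if is_internal_address(host):
            targets.setdefault(client, set()).add(host)
    return sorted(c for c, hosts in targets.items() if len(hosts) >= threshold)
```

The allow-list check compares the hostname string only, which is deliberate: a fixed allow-list avoids resolving attacker-chosen names, so the internal-address check is a defence in depth for IP literals rather than the only control.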