
Basic SSRF Against the Local Server | PortSwigger Lab (Apprentice)

Premiered Mar 27, 2025

In this video, I demonstrate how to exploit a Server-Side Request Forgery (SSRF) vulnerability to access an internal admin panel and delete the user "carlos."

Lab Summary:
- The application has a stock check feature that makes requests to an internal system.
- No strict input validation is in place, allowing us to modify the request URL.
- Our goal is to change the stock check URL to http://localhost/admin and send a request to delete the target user.

🛠️ Exploitation Techniques Used:
✅ Understanding how the stock check feature works
✅ Modifying the request URL to access internal resources
✅ Sending an HTTP request to localhost/admin
✅ Deleting the user "carlos" via SSRF

Why This Matters?
SSRF vulnerabilities are frequently used to bypass network restrictions, access internal services, and even reach cloud metadata endpoints (e.g., AWS, GCP). This lab demonstrates the fundamentals of SSRF exploitation, which can be extended to more advanced attack scenarios.
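The missing input validation named in the lab summary can be closed on the server side by checking the client-supplied stock-check URL before it is fetched. The sketch below is an added example, not code from the video or the lab; the backend host `stock.internal.example`, port 8080, the path prefix and the function names are assumptions chosen for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumptions (not from the lab): the one backend the stock checker may call.
ALLOWED_ORIGINS = {("http", "stock.internal.example", 8080)}
ALLOWED_PATH_PREFIX = "/product/stock/"


def resolve(host):
    """Return the set of IP addresses a host name resolves to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def check_stock_url(url, resolver=resolve):
    """Return (allowed, reason) for a client-supplied stock-check URL."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable URL"
    # "http://allowed-host@localhost/" style URLs hide the real host.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo not allowed"
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = port or {"http": 80, "https": 443}.get(scheme)
    if (scheme, host, port) not in ALLOWED_ORIGINS:
        return False, "origin not on allowlist"
    if not parts.path.startswith(ALLOWED_PATH_PREFIX) or ".." in parts.path:
        return False, "path not on allowlist"
    # Defence in depth: refuse if the allowlisted name now points at the
    # server itself or at a link-local (cloud metadata) address.
    for addr in resolver(host):
        ip = ipaddress.ip_address(addr)
        if ip.is_loopback or ip.is_link_local or ip.is_unspecified:
            return False, "resolves to forbidden address " + addr
    return True, "ok"


if __name__ == "__main__":
    fake_dns = lambda host: {"10.0.3.7"}  # constructed resolver, no network
    for candidate in (
        "http://stock.internal.example:8080/product/stock/check?productId=1",
        "http://localhost/admin",  # the URL used in the lab
    ):
        print(candidate, "->", check_stock_url(candidate, fake_dns))
```

The fetch that follows the check should connect to the address that was validated and should not follow redirects, otherwise an allowed URL can still be bounced to an internal target.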
