SSRF - Lab #2 Basic SSRF against another back-end system | Long Version
In this video, we cover Lab #2 in the SSRF module of the Web Security Academy. This application's stock check feature is vulnerable to SSRF. To solve the lab, we use the stock check functionality to scan the internal 192.168.0.X range for an admin interface on port 8080, then use it to delete the user carlos.

Support Me
Buy my course: https://bit.ly/30LWAtE

Contents of this video
00:00 - Introduction
00:13 - Web Security Academy Course (https://bit.ly/30LWAtE)
01:24 - Navigation to the exercise
01:59 - Understand the exercise and make notes about what is required to solve it
03:01 - Exploit the lab manually
08:46 - Script the exploit
27:46 - Summary
28:04 - Thank You

Links
Python script: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/ssrf/lab-02/ssrf-lab-02.py
Notes.txt document: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/ssrf/lab-02/notes.txt
Web Security Academy Exercise Link: https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-backend-system
Rana's Twitter account: https://twitter.com/rana__khalil