Learning SSRF with Portswigger Labs

Basic SSRF against the local Server https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-localhost When accessing a product page an check stock link checks the stock through an API on some URL. We just need to change the url to localhost/admin where we can see user delete links and here we go with the request to delete that carlos: POST /product/stock HTTP/1.1 … Read moreLearning SSRF with Portswigger Labs