SSRF via flawed request parsing

This lab is vulnerable to routing-based SSRF due to its flawed parsing of the request's intended host. You can exploit this to access an insecure intranet admin panel located at an internal IP address.

To solve the lab, access the internal admin panel located in the 192.168.0.0/24 range, then delete the user carlos.

If I try to change the Host, it gives me Forbidden.

We can make it so that the Host value is not taken into account; we are going to put

Now I get the error message.

Let's launch an attack with Intruder.

It detects the IP 192.168.0.92 with status code 302.

And we delete the user carlos.
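A defensive sketch of the check this class of bug calls for, added here and not part of the lab or of the original write-up: the intended host is derived once from the request line and the Host header, any disagreement between the two is rejected, and the result is matched against an allowlist before routing. The function name `check_request`, the allowlist and the sample hostnames are assumptions constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed allowlist of public virtual hosts (assumption for this example).
ALLOWED_HOSTS = {"shop.example.test"}


def check_request(request_line, headers):
    """Return (allowed, detail) for one parsed HTTP/1.1 request.

    The host is computed in one place so that validation and routing
    can never look at two different values.
    """
    try:
        _method, target, _version = request_line.split(" ", 2)
    except ValueError:
        return False, "malformed request line"

    # Header names are case-insensitive.
    lowered = {k.lower(): v for k, v in headers.items()}
    host_header = lowered.get("host", "").strip().lower()

    if target.startswith("/"):
        # origin-form: the Host header is the only source of the host.
        host = host_header
    else:
        # absolute-form: the request-target carries its own authority.
        try:
            parts = urlsplit(target)
            port = parts.port
        except ValueError:
            return False, "unparseable request-target"
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return False, "unsupported request-target"
        host = parts.hostname.lower()
        if port:
            host += f":{port}"
        # Strict policy: refuse when the two sources of the host disagree,
        # instead of validating one and routing on the other.
        if host != host_header:
            return False, "request-target and Host header disagree"

    if host not in ALLOWED_HOSTS:
        return False, "host not allowed"
    return True, host
```
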
