In this video, I demonstrate how to exploit Server-Side Request Forgery (SSRF) to scan an internal network (192.168.0.X) and access an admin interface on port 8080 to delete the user "carlos."
Lab Summary:
The application has a stock check feature that queries an internal system.
The target admin interface is hosted on an internal IP (192.168.0.X) on port 8080.
Our goal is to use SSRF to enumerate the internal network, find the admin panel, and send a request to delete the user "carlos."
🛠️ Exploitation Techniques Used:
✅ Modifying the stock check URL to target an internal network (192.168.0.X)
✅ Scanning internal IPs by observing response differences
✅ Finding the admin panel on port 8080
✅ Sending a request to delete "carlos" via SSRF
Why This Matters
SSRF is commonly used to pivot into internal networks, especially in cloud environments and corporate infrastructures. Attackers use this technique to:
✅ Enumerate internal services (port scanning)
✅ Access sensitive endpoints (admin panels, metadata APIs)
✅ Exploit internal APIs that aren't exposed to the internet
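For the defensive side of what the video shows, here is an added example (not code from the video or from the PortSwigger lab) of the server-side check a stock check feature needs so that a user-supplied URL cannot be steered to 192.168.0.X:8080 at all. The allowlisted name stock.example.com, the allowed ports and the resolver answers are assumptions; the check rejects literal internal IPs, non-allowlisted hosts and ports, and an allowlisted name that resolves into private address space.

```python
import ipaddress
import socket
from typing import Callable, Tuple
from urllib.parse import urlparse

# Constructed allowlist (assumption): the single upstream host and the ports the
# stock checker is ever meant to reach. Everything else is rejected.
ALLOWED_STOCK_HOSTS = {"stock.example.com"}
ALLOWED_PORTS = {80, 443}


def is_internal(ip: str) -> bool:
    """True for loopback, RFC 1918, link-local, reserved, multicast or 0.0.0.0."""
    addr = ipaddress.ip_address(ip)
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_reserved or addr.is_multicast or addr.is_unspecified)


def validate_stock_url(url: str,
                       resolve: Callable[[str], str] = socket.gethostbyname) -> Tuple[bool, str]:
    """Return (ok, detail). Only allowlisted http(s) hosts on allowlisted ports
    that resolve to a non-internal address pass. Log every rejection: a burst
    of them carrying 192.168.x.x hosts is the internal scan described above."""
    try:
        parsed = urlparse(url)
        port = parsed.port  # raises ValueError on a malformed port
    except ValueError as exc:
        return False, f"malformed URL: {exc}"
    if parsed.scheme not in ("http", "https"):
        return False, f"scheme not allowed: {parsed.scheme!r}"
    host = parsed.hostname
    if not host:
        return False, "missing host"
    if host not in ALLOWED_STOCK_HOSTS:  # also blocks literal IPs and localhost
        return False, f"host not on allowlist: {host!r}"
    if port is None:
        port = 443 if parsed.scheme == "https" else 80
    if port not in ALLOWED_PORTS:
        return False, f"port not allowed: {port}"
    # Resolve and vet the answer so an allowlisted name that is rebound into
    # 192.168.0.0/16 is refused too. The caller must connect to this exact IP
    # (sending the name in the Host header) rather than resolving a second time.
    try:
        ip = resolve(host)
    except OSError as exc:
        return False, f"DNS resolution failed: {exc}"
    if is_internal(ip):
        return False, f"{host!r} resolves to internal address {ip}"
    return True, ip
```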
⚡ Stay Updated!
🔔 Subscribe for more bug bounty tips, hacking tutorials, and PortSwigger lab walkthroughs!
👍 Like & Share if you found this helpful!
#BugBounty #SSRF #EthicalHacking #PortSwigger #CyberSecurity #WebSecurity