Lab #1 Basic SSRF against the local server

In this video, we cover Lab #1 in the SSRF module of the Web Security Academy. This application's stock check feature is vulnerable to SSRF. To solve the lab, we change the stock check URL to access the admin interface at http://localhost/admin and delete the user carlos.
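
Seen from the defender's side, the flaw is that the server fetches whatever URL the stock check request supplies, including one that points back at itself. The following is an added example (not from the video or the linked script) of validating that URL before the server fetches it; the back-end name `stock.shop.example`, port 8080 and the function names are assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumption: the one back-end the stock checker legitimately calls (hypothetical name).
ALLOWED = {("http", "stock.shop.example", 8080)}


def resolve(host):
    """Return every IP address the host name resolves to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_local(ip_text):
    """True for addresses that point back at the server itself."""
    ip = ipaddress.ip_address(ip_text.split("%")[0])  # drop any IPv6 zone id
    mapped = getattr(ip, "ipv4_mapped", None)  # e.g. ::ffff:127.0.0.1
    if mapped is not None:
        ip = mapped
    return ip.is_loopback or ip.is_unspecified or ip.is_link_local


def check_stock_url(url, resolver=resolve):
    """Return (allowed, reason) for a user-supplied stock check URL."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return False, "unparseable URL"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL"  # blocks allowed-host@other-host tricks
    host = (parts.hostname or "").rstrip(".")
    port = port or {"http": 80, "https": 443}.get(parts.scheme)
    if (parts.scheme, host, port) not in ALLOWED:
        return False, "destination not on allowlist"
    try:
        addresses = resolver(host)
    except OSError:
        return False, "host does not resolve"
    if not addresses or any(is_local(a) for a in addresses):
        return False, "host resolves to a local address"
    return True, "ok"


if __name__ == "__main__":
    # Constructed inputs; the fake resolver keeps the demo offline.
    fake = lambda host: {"10.0.3.7"}
    for url in ("http://stock.shop.example:8080/check?id=1", "http://localhost/admin"):
        print(url, check_stock_url(url, resolver=fake))
```

The check and the later fetch resolve the name separately, so the fetch should connect to the address that was validated and should not follow redirects.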


▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬

Python script: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/ssrf/lab-01/ssrf-lab-01.py

Notes.txt document: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/ssrf/lab-01/notes.txt

Web Security Academy Exercise Link: https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-localhost

Rana's Twitter account: https://twitter.com/rana__khalil
