
We intercepted the request sent after clicking the Check Stock button and passed it to Burp Intruder. We then scanned that subnet for any valid IP addresses on port 8080:

Since there can be 255 IP addresses, we set our payload like this and started our attack:

We were then able to see a status code 200 reply for payload 202:

We set the parameter to the value below and were able to access the admin panel:
stockApi=http://192.168.0.202:8080/admin

We then sent the request to delete the user carlos using the SSRF:

We visited the /admin panel again, saw that the user carlos had been deleted, and had successfully solved the lab:
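
The steps above work because the server fetches whatever URL arrives in stockApi. The Python below is an added example of a server-side check that would reject those requests; it is not code from the lab or from this write-up, and the allowed origin stock.internal.example:8080 and the /product/stock/ path prefix are assumptions.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Assumptions (not from the page): the one back end the stock checker may
# call, and the path prefix of its stock endpoint.
ALLOWED_ORIGINS = {("http", "stock.internal.example", 8080)}
ALLOWED_PATH_PREFIX = "/product/stock/"


def check_stock_api(url):
    """Return (allowed, reason) for a client-supplied stockApi value."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return False, "malformed URL"
    # user:pass@host forms are a common way to disguise the real host.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo not allowed"
    host = (parts.hostname or "").lower()
    # Exact match on scheme, host and port: no IP ranges, no wildcards.
    if (parts.scheme, host, port) not in ALLOWED_ORIGINS:
        return False, "origin not on allowlist"
    # Decode and normalise before the prefix check so ../ and %2e%2e
    # segments cannot climb out of the stock endpoint.
    path = posixpath.normpath(unquote(parts.path))
    if not (path + "/").startswith(ALLOWED_PATH_PREFIX):
        return False, "path not allowed"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample values; the first is the stockApi value shown above.
    samples = [
        "http://192.168.0.202:8080/admin",
        "http://stock.internal.example:8080/product/stock/check?productId=1",
        "http://stock.internal.example:8080/product/stock/../../admin",
        "http://stock.internal.example:8080@192.168.0.202:8080/admin",
    ]
    for sample in samples:
        print(check_stock_api(sample), sample)
```

The HTTP client that performs the fetch should also be configured not to follow redirects, otherwise an allowed URL can bounce the request to another internal address.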
