Burp Suite User Forum


Solution for "Lab: SSRF with blacklist-based input filter"

Fabian | Last updated: Mar 30, 2020 08:35AM UTC

Hello, the intended solution of this lab doesn't seem to work. After some testing I couldn't find a way to "enter" the admin area. "Encoding" the IP address works fine, but entering "admin" doesn't work at all. I tried UTF-8 and some others, and after some time I looked up the solution, and it doesn't work. Theoretically these should be valid solutions:

stockApi=http://127.1:8080/%2561dmin -> "Could not connect to external stock check service"
stockApi=http://127.1:8080/%25%36%31%25%36%34%25%36%64%25%36%39%25%36%65 -> "Could not connect to external stock check service"
stockApi=http%3A%2F%2F127.1%3A8080%2F%2561dmin -> "Could not connect to external stock check service"

Greetings

Uthman, PortSwigger Agent | Last updated: Mar 30, 2020 09:18AM UTC

Hi Fabian, I have just tested the solution and it works. Do you still have the product parameters from the original stockApi request populated along with the http://127.1/%2561dmin? Please have another go at the lab. Hint: you will need to investigate the response to find out how to delete Carlos. If you still cannot solve the lab, please send screenshots of the request and response tabs in Repeater to support@portswigger.net.

Fabian | Last updated: Mar 31, 2020 11:40AM UTC

Hello, well, I have just seen my mistake... It works as intended; I forgot to remove the port number. Well, sometimes you can't see the obvious. Thanks.

Uthman, PortSwigger Agent | Last updated: Mar 31, 2020 12:08PM UTC

Hi Fabian, Thank you for your feedback. Please let me know if you need any further assistance!

Best Regards,
Uthman Eqbal
Technical Product Specialist
PortSwigger Web Security
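As an added, defender-side illustration of why the kind of blacklist this lab uses lets the payloads in this thread through (example code written for this page, not PortSwigger's lab code or anything posted in the thread): the naive filter compares raw text, while the hardened check first normalizes the host (127.1 is the same loopback address as 127.0.0.1) and repeatedly percent-decodes the path (/%2561dmin becomes /admin). The blocked-substring list and the stock.example.net host are constructed assumptions.

```python
import ipaddress
import socket
from urllib.parse import unquote, urlsplit

# Substring blacklist in the style of the lab's filter (a reconstruction for illustration,
# not PortSwigger's code): it matches only the literal spellings it was told about.
BLOCKED_SUBSTRINGS = ("127.0.0.1", "localhost", "/admin")


def naive_blacklist_blocks(url: str) -> bool:
    """Block only when a forbidden substring appears literally in the raw URL."""
    lowered = url.lower()
    return any(bad in lowered for bad in BLOCKED_SUBSTRINGS)


def fully_decode(value: str, max_rounds: int = 5) -> str:
    """Percent-decode until the value stops changing, so /%2561dmin ends up as /admin."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def canonical_ip(host: str):
    """Map any IPv4 literal spelling inet_aton accepts (127.1, 127.0.1, ...) to its
    canonical address; return None for names that are not IPv4 literals."""
    try:
        return ipaddress.ip_address(socket.inet_aton(host))
    except OSError:
        return None


def hardened_blocks(url: str) -> bool:
    """Decide on normalized values instead of raw text: canonical IP, decoded path, host name.
    A production fix would allowlist the stock-check host outright; deny logic is kept here
    only to show why normalization matters."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host == "localhost" or host.endswith(".localhost"):
        return True
    ip = canonical_ip(host)
    if ip is not None and (ip.is_loopback or ip.is_private or ip.is_link_local):
        return True
    return fully_decode(parts.path).lower().startswith("/admin")


if __name__ == "__main__":
    # Payload from the thread (with the stock-check port removed, as the thread concludes).
    for url in ("http://127.1/%2561dmin", "http://localhost/admin"):
        print(url, "naive:", naive_blacklist_blocks(url), "hardened:", hardened_blocks(url))
```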
