The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Solution for "Lab: SSRF with blacklist-based input filter"

Fabian | Last updated: Mar 30, 2020 08:35AM UTC

Hello,

the intended solution of this lab doesn't seem to work. After some testing I couldn't find a way to "enter" the admin area. "Encoding" the IP address works fine, but entering "admin" doesn't work at all. I tried UTF8 and some others, and after some time I looked up the solution, and it doesn't work.

Theoretically these should be valid solutions:

stockApi=http://127.1:8080/%2561dmin -> "Could not connect to external stock check service"

stockApi=http://127.1:8080/%25%36%31%25%36%34%25%36%64%25%36%39%25%36%65 -> "Could not connect to external stock check service"

stockApi=http%3A%2F%2F127.1%3A8080%2F%2561dmin -> "Could not connect to external stock check service"

Greetings
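The values quoted in the post above contain none of the strings a substring blacklist would look for, yet they denote a loopback host and an /admin path once decoded. This added example (not part of the original post and not PortSwigger's lab code) compares such a filter with a decision made on the canonical form; the blacklist terms, the allow-listed host name and all function names are assumptions.

```python
import ipaddress
import socket
from urllib.parse import unquote, urlsplit

# Assumed blacklist terms and allow-list; the lab's real filter is not shown on the page.
BLOCKED_TERMS = ("127.0.0.1", "localhost", "admin")
ALLOWED_HOSTS = {"stock.example.internal"}  # hypothetical back-end host

def naive_allows(url: str) -> bool:
    """Substring blacklist applied to the value exactly as received."""
    lowered = url.lower()
    return not any(term in lowered for term in BLOCKED_TERMS)

def fully_decode(value: str, max_rounds: int = 5) -> str:
    """Percent-decode until stable, so %2561dmin -> %61dmin -> admin."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many encoding layers")

def canonicalize(url: str) -> tuple[str, str]:
    """Return (host, path) in the form a permissive HTTP client would act on."""
    parts = urlsplit(fully_decode(url))
    host = (parts.hostname or "").lower()
    try:
        # inet_aton accepts shorthand IPv4 literals such as 127.1
        host = str(ipaddress.ip_address(socket.inet_aton(host)))
    except (OSError, ValueError):
        pass  # not an IPv4 literal; keep the name as-is
    return host, parts.path

def hardened_allows(url: str) -> bool:
    """Allow-list decision made on the canonical form, not the raw string."""
    try:
        host, path = canonicalize(url)
    except ValueError:
        return False
    return host in ALLOWED_HOSTS and not path.lower().startswith("/admin")

# The three values quoted in the post, plus one constructed benign URL.
SAMPLES = [
    "http://127.1:8080/%2561dmin",
    "http://127.1:8080/%25%36%31%25%36%34%25%36%64%25%36%39%25%36%65",
    "http%3A%2F%2F127.1%3A8080%2F%2561dmin",
    "http://stock.example.internal:8080/product/stock/check?productId=1",
]
```
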

Dino | Last updated: Nov 07, 2023 12:19PM UTC

Same. I tried both the solution provided by PortSwigger and one of the community solutions. Neither of them worked for me. Are others having problems solving this?

Dino | Last updated: Nov 07, 2023 12:36PM UTC

Never mind. I figured it out.

Steven | Last updated: Jun 21, 2024 05:18AM UTC