The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

SSRF with whitelist-based input filter

John | Last updated: Jul 16, 2021 12:44AM UTC

Hi everyone, I'm working on the solution to the "SSRF with whitelist-based input filter" lab. The payload used by the solution is http://localhost:80%2523@stock.weliketoshop.net/admin/delete?username=carlos. I have searched and understood why we must use @ as well as %2523. When %2523 is double-URL-decoded, it becomes a hash sign (#). As far as I know, everything after the hash sign (#) will be ignored. So how can the path /admin/delete?username=carlos work properly if it is ignored because of the hash sign before it? What actually happens behind the scenes? Thank you so much!
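
As an added illustration (not part of the original post, and not PortSwigger's lab code), the following Python script takes the payload quoted above, URL-decodes it one round at a time, and records what Python's urllib parser extracts at each stage. The whitelist check is a hypothetical host comparison against stock.weliketoshop.net; how the lab's filter and its backend HTTP client really parse the URL is not described on this page, so the script only shows what a strict RFC 3986-style parser does with each decoded form.

```python
from urllib.parse import unquote, urlsplit

# The payload quoted in the post above.
PAYLOAD = "http://localhost:80%2523@stock.weliketoshop.net/admin/delete?username=carlos"

# Hypothetical whitelist host. The post names this host; how the lab's
# filter actually implements its check is not shown on this page.
ALLOWED_HOST = "stock.weliketoshop.net"


def decode_stages(url, rounds=2):
    """Return [url, url decoded once, url decoded twice, ...]."""
    stages = [url]
    for _ in range(rounds):
        # unquote performs exactly one round of %XX decoding.
        stages.append(unquote(stages[-1]))
    return stages


def parse_view(url):
    """What an RFC 3986-style parser (Python's urllib) extracts from url."""
    p = urlsplit(url)
    return {
        "userinfo": p.netloc.rpartition("@")[0],  # text before the last '@' in the authority
        "host": p.hostname,
        "port": p.port,
        "path": p.path,
        "query": p.query,
        "fragment": p.fragment,
    }


def host_whitelisted(url, allowed=ALLOWED_HOST):
    """Hypothetical whitelist: accept only if the parsed host equals the allowed host."""
    return urlsplit(url).hostname == allowed


def trace(url=PAYLOAD):
    """Decode in two rounds and pair each stage with the whitelist verdict and parser view."""
    return [(stage, host_whitelisted(stage), parse_view(stage))
            for stage in decode_stages(url)]


if __name__ == "__main__":
    for rounds, (stage, ok, view) in enumerate(trace()):
        print(f"after {rounds} decode(s): {stage}")
        print(f"  whitelist check passes: {ok}")
        for key, value in view.items():
            print(f"  {key:9}: {value!r}")
```

After zero or one decoding rounds the `@` makes `localhost:80%2523` (then `localhost:80%23`) the userinfo, so the parsed host is stock.weliketoshop.net and the hypothetical whitelist check passes. After the second round the `%23` has become `#`, urlsplit stops the authority at `localhost:80`, and everything from `@` onward lands in the fragment, leaving an empty path and query. That is exactly the observation in the question; a client that splits the URL differently would see something else, but this page does not document how the lab's backend does it.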

Hannah, PortSwigger Agent | Last updated: Jul 19, 2021 02:04PM UTC