Burp Suite User Forum

SSRF with whitelist-based input filter

John | Last updated: Jul 16, 2021 12:44AM UTC

Hi everyone, I'm working on the solution of the SSRF with whitelist-based input filter lab. The payload which is used by the solution is http://localhost:80%2523@stock.weliketoshop.net/admin/delete?username=carlos. I have searched and understood why we must use @ as well as %2523. When %2523 is double-URL decoded, it becomes a hash sign (#). As far as I know, everything after the hash sign (#) will be ignored. So how can the path /admin/delete?username=carlos work properly if it is ignored because of the hash sign before it? What actually happens behind the scenes? Thank you so much!

Hannah, PortSwigger Agent | Last updated: Jul 19, 2021 02:04PM UTC


Have you read the supporting learning material, or followed the "Read more" section (A new era of SSRF)?

Unfortunately, we are unable to provide personal support or tutoring to Academy users, as we prefer to improve the experience for our entire userbase by focusing on expanding and refining our public content.

Your post will stay up on the forum for a member of the community to reply.
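
An added illustration, not part of either post and not PortSwigger's lab code: it shows which host Python's `urllib.parse` reports for the URL quoted in the question after each round of percent-decoding, next to a strict allow-list check that refuses such input. The names `host_views` and `is_safe_stock_url` are hypothetical, and the assumption is a validator and a request client that decode a different number of times; the lab's actual server behaviour is not shown on this page.

```python
from urllib.parse import urlsplit, unquote

ALLOWED_HOST = "stock.weliketoshop.net"  # host name taken from the URL in the post

# URL quoted in the question above.
POST_URL = "http://localhost:80%2523@stock.weliketoshop.net/admin/delete?username=carlos"
# Constructed benign URL (path and parameters are made up for this example).
BENIGN_URL = "http://stock.weliketoshop.net:8080/product/stock/check?productId=1"


def host_views(url, max_passes=3):
    """Host reported by urlsplit() after 0, 1, 2, ... rounds of percent-decoding.

    Stops as soon as another decoding round no longer changes the string.
    """
    views = []
    for _ in range(max_passes + 1):
        views.append(urlsplit(url).hostname)
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return views


def is_safe_stock_url(url):
    """Hypothetical strict check: one unambiguous host, at every decoding depth."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    # A stock-check URL has no reason to carry credentials; userinfo is the
    # part before '@' that lets two parsers disagree about the host.
    if parts.username is not None or parts.password is not None:
        return False
    # Every decoding of the URL must still point at the allowed host.
    return all(host == ALLOWED_HOST for host in host_views(url))


if __name__ == "__main__":
    for depth, host in enumerate(host_views(POST_URL)):
        print(f"decoded {depth}x -> host seen by parser: {host}")
    print("POST_URL accepted:", is_safe_stock_url(POST_URL))
    print("BENIGN_URL accepted:", is_safe_stock_url(BENIGN_URL))
```

A check that parses the string only once, without decoding, sees the allow-listed host; a component that decodes twice before parsing sees `localhost`. Rejecting userinfo and requiring the same host at every decoding depth closes that gap on the validation side.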