In this video we see how an attacker can exploit SSRF on a vulnerable web application to get access to the admin panel on another server within a local network. In this scenario, the server that hosts the admin panel resides in a local network and has a private IP address (192.168.0.X), and is therefore not accessible to remote attackers. However, the server that hosts the vulnerable web application is also part of the same local network and is able to interact with the server that hosts the admin panel. During this video we see how an attacker abuses the trust relationship between the application server and the admin panel server and manages to perform sensitive actions such as deleting a user.
Web Security Academy | SSRF - Lab02: Basic SSRF against another back-end system.