1. Web Security Academy
  2. HTTP Host header attacks
  3. Exploiting
  4. Lab

Lab: Routing-based SSRF

PRACTITIONER

This lab is vulnerable to routing-based SSRF via the Host header. You can exploit this to access an insecure intranet admin panel located on an internal IP address.

To solve the lab, access the internal admin panel located in the 192.168.0.0/24 range, then delete Carlos.