1. Web Security Academy
  2. HTTP Host header attacks
  3. Exploiting
  4. Lab

Lab: SSRF via flawed request parsing

PRACTITIONER

This lab is vulnerable to routing-based SSRF due to its flawed parsing of the request's intended host. You can exploit this to access an insecure intranet admin panel located at an internal IP address.

To solve the lab, access the internal admin panel located in the 192.168.0.0/24 range, then delete Carlos.