This lab has a stock check feature which fetches data from an internal system.
To solve the lab, change the stock check URL to access the admin interface at
http://localhost/admin and delete the user
/adminand observe that you can't directly access the admin page.
http://localhost/admin. This should display the administration interface.
stockApiparameter, to deliver the SSRF attack.