This lab has a stock check feature which fetches data from an internal system.
To solve the lab, change the stock check URL to access the admin interface at
http://localhost/admin and delete the user
The developer has deployed two weak anti-SSRF defenses that you will need to bypass.
http://127.0.0.1/and observe that the request is blocked.
http://127.1/adminand observe that the URL is blocked again.