This lab has a stock check feature which fetches data from an internal system.
To solve the lab, change the stock check URL to access the admin interface at http://localhost/admin and delete the user carlos.
The developer has deployed an anti-SSRF defense you will need to bypass.
1. Change the stock check URL to http://127.0.0.1/ and observe that the application is parsing the URL, extracting the hostname, and validating it against a whitelist.
2. Change the URL to http://firstname.lastname@example.org/ and observe that this is accepted, indicating that the URL parser supports embedded credentials.
3. Append # to the username and observe that the URL is now rejected.
4. Replace the # with its double-URL-encoded form, %2523, and observe the extremely suspicious "Internal Server Error" response, indicating that the server may have attempted to connect to "username".
5. Change the URL to http://localhost:email@example.com/admin/delete?username=carlos to access the admin interface and delete the target user.
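The bypass works because two parsers disagree: the whitelist check parses the raw string and sees the allowed host after the last `@`, while the component that actually makes the request percent-decodes first, turns `%2523` back into `#`, and then sees `localhost` as the host and the allowed hostname as a fragment. The script below is an added example written for this page, not code from the lab or from PortSwigger; the whitelist host `stock.example` and the decode-twice fetcher are constructed to reproduce the mismatch, and `hardened_target` shows a defender's fix: reject userinfo and encoded bytes in the authority, then rebuild the outgoing URL from the validated components so the fetcher cannot see a different host than the validator did.

```python
from urllib.parse import urlsplit, urlunsplit, unquote

# Constructed whitelist for the example; the lab's real stock host is not shown here.
ALLOWED_HOSTS = {"stock.example"}

# Constructed payloads shaped like the lab's steps (credentials, then an encoded '#').
CREDENTIALS_URL = "http://username@stock.example/product/stock"
BYPASS_URL = "http://localhost:80%2523@stock.example/admin/delete?username=carlos"
LEGIT_URL = "http://stock.example/product/stock?id=1"


def naive_hostname_check(url, allowed=ALLOWED_HOSTS):
    """The weak pattern: parse the raw string, compare the hostname, pass the raw string on."""
    return urlsplit(url).hostname in allowed


def host_seen_by_fetcher(url, decode_rounds=2):
    """Simulate a downstream HTTP client that percent-decodes before re-parsing.

    Two rounds model a validator that decodes once plus a client that decodes again,
    which is why the lab needs %2523 (double-encoded '#') rather than %23.
    """
    for _ in range(decode_rounds):
        url = unquote(url)
    parts = urlsplit(url)          # after decoding, '#' splits off the allowed host as a fragment
    return parts.hostname, parts.port


def hardened_target(url, allowed=ALLOWED_HOSTS):
    """Validate once, then emit a URL rebuilt only from the components that were checked.

    Returns the normalised URL to fetch, or None if the input must be rejected.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return None
    # No embedded credentials and no percent-encoded bytes anywhere in the authority:
    # both are what let the validator and the fetcher disagree about the host.
    if "@" in parts.netloc or "%" in parts.netloc:
        return None
    if parts.hostname not in allowed:
        return None
    try:
        port = parts.port           # raises ValueError on a malformed port
    except ValueError:
        return None
    netloc = parts.hostname if port is None else f"{parts.hostname}:{port}"
    # Fragment is dropped: it never reaches the server and is the bypass's hiding place.
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, ""))


if __name__ == "__main__":
    for url in (LEGIT_URL, CREDENTIALS_URL, BYPASS_URL):
        print(url)
        print("  naive whitelist says:", naive_hostname_check(url))
        print("  fetcher connects to: ", host_seen_by_fetcher(url))
        print("  hardened target:     ", hardened_target(url))
```

Running it shows the bypass URL passing the naive check while the simulated fetcher connects to `localhost:80`, whereas the hardened validator rejects both the credentials form and the encoded form and only returns a rebuilt URL for the plain whitelisted host.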