Lab 20: Basic SSRF against the local server
URL Source: https://medium.com/@tkacala212/lab-20-basic-ssrf-against-the-local-server-9ac8f62c2764?source=rss------cybersecurity-5
Published Time: 2026-06-18T10:06:55Z
# Lab 20: Basic SSRF against the local server
[Tkacala](https://medium.com/@tkacala212?source=post_page---byline--9ac8f62c2764---------------------------------------)
## Objective
Imagine you could tell the server to visit itself through the `stockApi` parameter. Because the server trusts user input, you can reach an admin page that is only accessible from inside the server.
## Step 1: Log In & Open Developer Tools
* Open the lab.
* Log in with `wiener:peter`.
* Press F12 → click the “Network” tab.
* Find the “Check stock” button on the product page.
## Step 2: Send the Request & Capture It
* Click “Check stock”.
* In the Network tab, find the POST request to `/product/stock`.
* Right-click → choose “Edit and Resend” (Firefox).
## Step 3: Change the `stockApi` Parameter to Localhost
In the Edit and Resend window, find the Request Body section. Change its value to: