Lab 20: Basic SSRF against the local server

📰 Medium · Cybersecurity


Published 18 Jun 2026


URL Source: https://medium.com/@tkacala212/lab-20-basic-ssrf-against-the-local-server-9ac8f62c2764?source=rss------cybersecurity-5

Published Time: 2026-06-18T10:06:55Z


# Lab 20: Basic SSRF against the local server


[Tkacala](https://medium.com/@tkacala212?source=post_page---byline--9ac8f62c2764---------------------------------------)


## Objective

Imagine you can tell the server to visit itself through the `stockApi` parameter. Because the server trusts user input, you can reach an admin page that is only accessible from inside the server.

## Step 1: Log In & Open Developer Tools

* Open the lab.
* Log in with `wiener:peter`.
* Press F12 → click the “Network” tab.
* Find the “Check stock” button on the product page.


![Image 3](https://miro.medium.com/v2/resize:fit:700/1*QOfRp1sL3BYyMqMhqgbVkw.png)

## Step 2: Send the Request & Capture It

* Click “Check stock”.
* In the Network tab, find the POST request to `/product/stock`.
* Right-click → choose “Edit and Resend” (Firefox).

## Step 3: Change the `stockApi` Parameter to Localhost

In the Edit and Resend window, find the Request Body section. Change its value to:
