This lab is vulnerable to blind SSRF attack which mean we will not see anything in response regarding our payload in request. In this case we need to use the Collaborator.
Access the lab and you will see the page similar to below.
Click on view details of any product and check for the response.
There is only one URL which we can test for SSRF is in Referer header. I changed that to 127.0.0.1 but did not see any change in the response body.
Let’s test this with the Collaborator. Copy the hostname from collaborator and test that.
Now if we check the Collaborator tab, we will see the requests to collaborator server.
And this is how we solved the lab.
