Lab link.
We can perform SSRF attack with parameters vulnerable to open redirection.
Our path redirecting request is “GET /product/nextProduct?currentProductId=4&path=”. We edit this request according to our payload and send it with the stockApi used in the check stock process.