Writeup: SSRF with whitelist-based input filter

Lab link.

Another SSRF defense is a whitelist-based filter: the application only allows input that matches an allowlist. Such a filter may look for a match anywhere inside the input instead of validating the parsed URL. We bypass it by exploiting inconsistencies in how the filter and the component that actually makes the request parse the URL.

We look for an SSRF vulnerability in the application's check stock feature. We try a few basic SSRF payloads, and none of them gets through.

To bypass the whitelist, we first embed a username in the URL with the @ character placed in front of the hostname, and then use the # character to turn the remainder of the URL into a fragment.

With the edited URL we can reach the admin panel and delete the user carlos.
