SSRF
Summary : Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing.
In typical SSRF examples, the attacker might cause the server to make a connection back to itself, or to other web-based services within the organization's infrastructure, or to external third-party systems
Severity : High
POST Request :
Complexity : Easy
From : Remote / External
Steps to Reproduce:
1. Attacker finds the vulnerable injection point (parameter)
2. Attacker sends a localhost request or request to his controlled domain (eg: Burp collaborator)
3. Attacker is able to scan the internal network or connect to localhost. Also attacker can get a HTTP connection on his controlled domain.
4. Attacker successfully performs SSRF and exfiltrates data if any.
Impact : An Adversary can carry out SSRF attack to scan the internal network, perform sensitive actions, download sensitive files like meta-data etc.
Affected IP's : IP Address Port
https://www.india.gov.in/ 443
Recommendations :
There should be a proper validation and sanitization of any URL's,IP or shortlinks given by the user. More here - https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html
References :
https://portswigger.net/web-security/ssrf
https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/
Proof of Concept :
Attached Screenshot or Video
Call us any time:
+91 9106147779Email us 24/7 hours:
shifa@hacktify.inCopyright © 2023 Hacktify All Rights Reserved.
WhatsApp us