Summary : Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing.
In typical SSRF examples, the attacker might cause the server to make a connection back to itself, or to other web-based services within the organization's infrastructure, or to external third-party systems
Severity : High
POST Request :
Complexity : Easy
From : Remote / External
Steps to Reproduce:
1. Attacker finds the vulnerable injection point (parameter)
2. Attacker sends a localhost request or request to his controlled domain (eg: Burp collaborator)
3. Attacker is able to scan the internal network or connect to localhost. Also attacker can get a HTTP connection on his controlled domain.
4. Attacker successfully performs SSRF and exfiltrates data if any.
Impact : An Adversary can carry out SSRF attack to scan the internal network, perform sensitive actions, download sensitive files like meta-data etc.
Affected IP's : IP Address Port
There should be a proper validation and sanitization of any URL's,IP or shortlinks given by the user. More here - https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html
Proof of Concept :
Attached Screenshot or Video