Questions tagged [ssrf]
Server Side Request Forgery (SSRF) is a vulnerability that appears when an attacker has the ability to create requests from the vulnerable server.
42 questions
1
vote
1
answer
284
views
CodeQL: How to resolve partial Server-Side Request Forgery warning when taking user-based input as a FastAPI endpoint?
I am cross-posting here on Information Security as well to request input on the security of the Python code I've written and whether it can be considered a false positive.
I'm writing a function to ...
2
votes
0
answers
99
views
Trying to send a POST request using curl to a HTB machine
I`m trying to perform a SSRF attack on a Hack The Box machine (editorial.htb). I'm trying to send a POST request using curl with the command
curl --data "hckyou.txt" -X POST http://...
- 21
1
vote
2
answers
3k
views
How to resolve server-side request forgery (SSRF) warning for a HTTP request that takes Python package names as input?
I'm working on a function that returns a HTTP response from https://pypi.org/simple/ when Python's pip installer requests it for a package. When pushing my code onto GitHub, the CodeQL checks warn of ...
0
votes
1
answer
104
views
Portswigger SSRF basic lab question
I am working on some portswigger labs to get good at web security.
I was doing this lab at the following link: https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-localhost
Spoiler, you ...
- 111
1
vote
1
answer
756
views
SSRF trough Gopher
Gopher protocol is used a lot when exploiting SSRF, but how?
a Gopher URL takes the form:
gopher://<host>:<port>/<gopher-path>
but let's take this example:
gopher://10.10.10.3:80/...
- 13
0
votes
1
answer
457
views
Server Side Request Forgery Vulnerability Question
I am working on a CTF called Internal. I know there are walkthroughs available but I am trying not to look at them for the time being and try and work through things myself. The admin page that is the ...
- 531
0
votes
1
answer
357
views
SSRF through image searching function?
I am testing this site which has a feature where a user can enter a URL, and the site will grab all images from that URL and allow the user to use them on the site.
This is my first time looking for ...
0
votes
1
answer
204
views
SSRF payload returns 200 ok
If i run a SSRF payload and it returns 200 ok, does it means the target is vulnerable?
There is nothing that would be considerable leaked like data in a body, just the content-type to date such stuff
0
votes
0
answers
162
views
How to circumvent SSRF filter?
I am learning on Tryhackme.com how to circumvent SSRF filter.
There is a website, let's assume it is test.com. test.com has two access points. First is /private which is restricted, and /new-user-...
1
vote
2
answers
1k
views
What is the effect of the "&x=" in a SSRF? Is it something related to encoding?
I'm learning SSRF. I learnt that typing &x= kinda turn off the rest of an URL (like https://some.website.com/user?id=9&x=.website.com/api/item?id=9)
Everything that comes after the &x= ...
- 13
0
votes
1
answer
165
views
What other methods would an attacker use for making an HTTP request that isn't Fetch() or an XHR or using the DOM?
We are running user-submitted JavaScript, server-side to be executed within a headless browser that doesn't have a DOM or any child of the window or document or location objects - because these are ...
- 47.5k
0
votes
0
answers
108
views
Load url from CSS applied to element outside DOM
I was wondering if it's possible to kick off a network call by manipulating the style tag on an element outside the DOM (which could lead to potential SSRF if this were done server-side). I've tried a ...
- 349
1
vote
1
answer
282
views
SSRF exploitation using MIME Type response
My website has an upload form for avatar, you can either upload image directly from PC or either make website grab it from another host.
If the MIME Type is wrong , the response will contain the ...
- 13
0
votes
1
answer
8k
views
CheckMarx SSRF Vulnerability
I have a REST which takes a parameter dataSource as input and myService has follow logic.
@RequestMapping(value ="/save", method = RequestMethod.POST)
public List<String> find(@...
0
votes
1
answer
792
views
Uploading/writing server files via SSRF?
Say I've found a perfect SSRF vulnerability in a web application that lets me send web requests to any URL, any host, any port, any scheme. I can use the file:// scheme to get the contents of local ...
- 99