SSRF (Server-side request forgery)
Server-side request forgery (SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing
Vulnerability Name: Server-side request forgery (SSRF) on [Domain name]
Vulnerability Description: Server Side Request Forgery (SSRF) vulnerabilities let an attacker send crafted requests from the back-end server of a vulnerable web application. Criminals usually use SSRF attacks to target internal systems that are behind firewalls and are not accessible from the external network.
Steps to Reproduce: [Create your own according to the workflow of website]
Snapshots or video link attached
Impact: It is common to have a proper firewall/routing rules for external applications, but normally nothing inside the network. That means that an attacker is able to make a device already on the network send the requests, there are no security restrictions to care about for internal systems. Moreover this could lead to
- 1.It is possible to scan ports and IP addresses.
- 2.Interact with some protocols such as Gopher, which allow you to make further discoveries.
- 3.Discover the IP addresses of servers running behind a reverse proxy.
- 4.Remote code execution.
Attack Scenario: [Create your own according to the workflow of website]
- 1.A blacklist is not a good protection because with so many different protocols, schemes, encodings and super complex URI syntax, bypasses will most certainly occur. Because of this, a whitelist is a better approach.
- 2.Disable unused URL schemas.
- 3.Authentication on internal services.