
SSRF

Server-Side Request Forgery (SSRF)

Server-Side Request Forgery is a web security vulnerability that allows an attacker to cause the server-side application to make requests to an unintended location.

Example 1

<?php
// The "page" parameter is attacker-controlled and used without validation
$new_page = $_GET["page"];
header("Location:   $new_page");
?>

Here one can just supply any URL as the page parameter: http://remote.com?page=http://10.10.10.10

It will result in a redirect to the given URL.

Example 2 (LFI)

<?php
// The "url" parameter is passed straight to file_get_contents(), which accepts
// both local paths and remote URLs, so the server fetches whatever is supplied
$url = $_GET["url"];
$content = file_get_contents($url);
echo $content;
?>

This is a normal LFI, though it can still be classified as SSRF.

One can just use a file as the url parameter and read it: http://remote.com?url=/etc/passwd
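A defensive counterpart to the two snippets above, as an added example that is not from the original page: before the server fetches a user-supplied URL, it allowlists the scheme and host and refuses anything that resolves to an internal address (which also covers the `file://` and `/etc/passwd` cases). `validate_fetch_url`, `ALLOWED_HOSTS` and the sample hostnames are assumptions; the resolver is injectable so the check runs offline.

```python
"""Server-side validation of a user-supplied URL before fetching it.

Added example (not from the original page). `validate_fetch_url`,
`ALLOWED_HOSTS` and the hostnames below are assumptions, not real config.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

# Hosts the application legitimately needs to reach (constructed sample)
ALLOWED_HOSTS = {"api.example.com", "cdn.example.com"}


def _is_public(ip: str) -> bool:
    """True only for globally routable addresses (rejects 127/8, 10/8, 169.254/16, ::1, ...)."""
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_reserved or addr.is_multicast or addr.is_unspecified)


def validate_fetch_url(url: str, resolver=socket.gethostbyname) -> str:
    """Return the IP the outbound request should be pinned to, or raise ValueError.

    Checks, in order: scheme allowlist (no file://, gopher://, ...), no embedded
    credentials, host allowlist, and a resolved-address check so that an allowed
    hostname pointing at an internal address is still refused.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL not allowed")
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"host not in allowlist: {host!r}")
    ip = resolver(host)
    if not _is_public(ip):
        raise ValueError(f"{host} resolves to non-public address {ip}")
    # The caller should connect to this IP (with the Host header set to `host`)
    # and not follow redirects; re-resolving at request time re-opens DNS rebinding.
    return ip
```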


Last updated 6 months ago