SSRF – WindowsTechs.com

Portswigger SSRF basic lab question

Posted on April 9, 2024 by PurpleHacker

I am working on some portswigger labs to get good at web security.
I was doing this lab at the following link: https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-localhost
Spoiler, you press the "check stock" button… Continue reading Portswigger SSRF basic lab question→

SSRF trough Gopher

Posted on December 23, 2023 by Jeff

Gopher protocol is used a lot when exploiting SSRF, but how?
a Gopher URL takes the form:
gopher://<host>:<port>/<gopher-path>

but let’s take this example:
gopher://10.10.10.3:80/_POST%20/login%20HTTP/1.1%0aContent-Ty… Continue reading SSRF trough Gopher→

Server Side Request Forgery Vulnerability Question

Posted on December 3, 2023 by user2334659

I am working on a CTF called Internal. I know there are walkthroughs available but I am trying not to look at them for the time being and try and work through things myself. The admin page that is the apparent target is http://10.10.240.10… Continue reading Server Side Request Forgery Vulnerability Question→

We intercept browser in burp and change the referral URL, is it a vulnerability? [closed]

Posted on June 19, 2023 by Bhoomika Mg

If I put the browser with burp suite and send it to the repeater and there if I change the referral url to any random url is it a vulnerability?
If it is vulnerable, what is the name of the vulnerability?
If it is not vulnerable please jus… Continue reading We intercept browser in burp and change the referral URL, is it a vulnerability? [closed]→

SSRF change method from POST to GET

Posted on June 11, 2023 by Rektile

I’m currently doing a pentest and noticed an endpoint where SSRF is possible. The internal request that is sent is a POST request. I would like to find a way to change it to a GET request. I spun up my own server and created a page that pe… Continue reading SSRF change method from POST to GET→

postgres database information passing in request can we exploit further? [closed]

Posted on May 1, 2023 by infosec_learner

Application login request is shown below.
The postgres information is passed via the cabinetName parameter. Is it a vulnerability? is it useful? can we exploit it?
or any other ways to exploit below request?
POST /<REDACTED>/LoginSer… Continue reading postgres database information passing in request can we exploit further? [closed]→

New Wave of Cyberattacks Targeting MS Exchange Servers

Posted on January 25, 2023 by Waqas

By Waqas
Cybercriminals are leveraging two exploit chains (ProxyNotShell/OWASSRF) to target Microsoft Exchange servers, as warned by Bitdefender Labs.
This is a post from HackRead.com Read the original post: New Wave of Cyberattacks Targeting MS Exchan… Continue reading New Wave of Cyberattacks Targeting MS Exchange Servers→

SSRF through image searching function?

Posted on January 2, 2023 by plshelpmetysm

I am testing this site which has a feature where a user can enter a URL, and the site will grab all images from that URL and allow the user to use them on the site.
This is my first time looking for SSRF so I’m not fully sure what counts a… Continue reading SSRF through image searching function?→

SSRF payload returns 200 ok

Posted on November 22, 2022 by jonathans

If i run a SSRF payload and it returns 200 ok, does it means the target is vulnerable?
There is nothing that would be considerable leaked like data in a body, just the content-type to date such stuff

Continue reading SSRF payload returns 200 ok→

What is the effect of the "&x=" in a SSRF? Is it something related to encoding?

Posted on August 3, 2022 by Ezau

I’m learning SSRF. I learnt that typing &x= kinda turn off the rest of an URL (like https://some.website.com/user?id=9&x=.website.com/api/item?id=9)
Everything that comes after the &x= part gets ignored. Why is that? Or, if it’… Continue reading What is the effect of the "&x=" in a SSRF? Is it something related to encoding?→