SSRF – Page 2 – WindowsTechs.com

SSRF through image searching function?

Posted on January 2, 2023 by plshelpmetysm

I am testing this site which has a feature where a user can enter a URL, and the site will grab all images from that URL and allow the user to use them on the site.
This is my first time looking for SSRF so I’m not fully sure what counts a… Continue reading SSRF through image searching function?→

SSRF payload returns 200 ok

Posted on November 22, 2022 by jonathans

If i run a SSRF payload and it returns 200 ok, does it means the target is vulnerable?
There is nothing that would be considerable leaked like data in a body, just the content-type to date such stuff

Continue reading SSRF payload returns 200 ok→

What is the effect of the "&x=" in a SSRF? Is it something related to encoding?

Posted on August 3, 2022 by Ezau

I’m learning SSRF. I learnt that typing &x= kinda turn off the rest of an URL (like https://some.website.com/user?id=9&x=.website.com/api/item?id=9)
Everything that comes after the &x= part gets ignored. Why is that? Or, if it’… Continue reading What is the effect of the "&x=" in a SSRF? Is it something related to encoding?→

What other methods would an attacker use for making an HTTP request that isn’t Fetch() or an XHR or using the DOM?

Posted on July 2, 2022 by rook

We are running user-submitted JavaScript, server-side to be executed within a headless browser that doesn’t have a DOM or any child of the window or document or location objects – because these are already removed. Is there a way for plain… Continue reading What other methods would an attacker use for making an HTTP request that isn’t Fetch() or an XHR or using the DOM?→

Load url from CSS applied to element outside DOM

Posted on April 11, 2022 by winhowes

I was wondering if it’s possible to kick off a network call by manipulating the style tag on an element outside the DOM (which could lead to potential SSRF if this were done server-side). I’ve tried a number of ideas like setting content: … Continue reading Load url from CSS applied to element outside DOM→

SSRF exploitation using MIME Type response

Posted on March 15, 2022 by Animation

My website has an upload form for avatar, you can either upload image directly from PC or either make website grab it from another host.
If the MIME Type is wrong , the response will contain the following:
{"status":"wrong_m… Continue reading SSRF exploitation using MIME Type response→

This Week in Security:Y2K22, Accidentally Blocking 911,and Bug Alert

Posted on January 7, 2022 by Jonathan Bennett

If you had the misfortune of running a Microsoft Exchange server this past week, then you don’t need me to tell you about the Y2K22 problem. To catch rest of …read more Continue reading This Week in Security:Y2K22, Accidentally Blocking 911,and Bug Alert→

Getting IMDS information via SSRF [closed]

Posted on December 10, 2021 by Missing Egg

I’m looking at IMDS and SSRF (https://blog.appsecco.com/server-side-request-forgery-ssrf-and-aws-ec2-instances-after-instance-meta-data-service-version-38fc1ba1a28a)
On the website there is a form with a URL field. If I put in a URL of a s… Continue reading Getting IMDS information via SSRF [closed]→

CheckMarx SSRF Vulnerability

Posted on November 17, 2021 by Artem Fedin

I have a REST which takes a parameter dataSource as input and myService has follow logic.
@RequestMapping(value ="/save", method = RequestMethod.POST)
public List<String> find(@RequestBody String dataSource){
return myS… Continue reading CheckMarx SSRF Vulnerability→

Uploading/writing server files via SSRF?

Posted on October 27, 2021 by Bob

Say I’ve found a perfect SSRF vulnerability in a web application that lets me send web requests to any URL, any host, any port, any scheme. I can use the file:// scheme to get the contents of local files, such as file:///C:/Windows/win.ini… Continue reading Uploading/writing server files via SSRF?→