Collaborate Disseminate
We are running user-submitted JavaScript, server-side to be executed within a headless browser that doesn’t have a DOM or any child of the window or document or location objects – because these are already removed. Is there a way for plain… Continue reading What other methods would an attacker use for making an HTTP request that isn’t Fetch() or an XHR or using the DOM?
I was wondering if it’s possible to kick off a network call by manipulating the style tag on an element outside the DOM (which could lead to potential SSRF if this were done server-side). I’ve tried a number of ideas like setting content: … Continue reading Load url from CSS applied to element outside DOM
My website has an upload form for avatar, you can either upload image directly from PC or either make website grab it from another host.
If the MIME Type is wrong , the response will contain the following:
{"status":"wrong_m… Continue reading SSRF exploitation using MIME Type response
If you had the misfortune of running a Microsoft Exchange server this past week, then you don’t need me to tell you about the Y2K22 problem. To catch rest of …read more Continue reading This Week in Security:Y2K22, Accidentally Blocking 911,and Bug Alert
I’m looking at IMDS and SSRF (https://blog.appsecco.com/server-side-request-forgery-ssrf-and-aws-ec2-instances-after-instance-meta-data-service-version-38fc1ba1a28a)
On the website there is a form with a URL field. If I put in a URL of a s… Continue reading Getting IMDS information via SSRF [closed]
I have a REST which takes a parameter dataSource as input and myService has follow logic.
@RequestMapping(value ="/save", method = RequestMethod.POST)
public List<String> find(@RequestBody String dataSource){
return myS… Continue reading CheckMarx SSRF Vulnerability
Say I’ve found a perfect SSRF vulnerability in a web application that lets me send web requests to any URL, any host, any port, any scheme. I can use the file:// scheme to get the contents of local files, such as file:///C:/Windows/win.ini… Continue reading Uploading/writing server files via SSRF?
Suppose I was able to bypass CSRF check. I was able to forge any GET request and make it look like it was issued by the user himself. Is the web application vulnerable to somehow to ‘Client-side’ Request Forgery attack ? How may I exploit… Continue reading What exploit possible when GET request are forged as internal?
There is a url abc.com/something vulnerable to open redirect to xyz.com (fixed)
I am catching requests at xyz.com to see contents of requests coming to it.
When I browse abc.com/something (being logged in to abc.com) from a browser, then … Continue reading What is the difference when a request is made to an open redirect vulnerable url though a browser and through the server using ssrf?
I am pentesting a web application. It makes a backend call to another application, and I am trying to hijack that call.
I have gained control over the URL path, query parameters, and fragment that is being sent (e.g. if the URL is https://… Continue reading Is there any way to get a unicode character that has a byte of 23?