Collaborate Disseminate
Suppose I was able to bypass CSRF check. I was able to forge any GET request and make it look like it was issued by the user himself. Is the web application vulnerable to somehow to ‘Client-side’ Request Forgery attack ? How may I exploit… Continue reading What exploit possible when GET request are forged as internal?
There is a url abc.com/something vulnerable to open redirect to xyz.com (fixed)
I am catching requests at xyz.com to see contents of requests coming to it.
When I browse abc.com/something (being logged in to abc.com) from a browser, then … Continue reading What is the difference when a request is made to an open redirect vulnerable url though a browser and through the server using ssrf?
I am pentesting a web application. It makes a backend call to another application, and I am trying to hijack that call.
I have gained control over the URL path, query parameters, and fragment that is being sent (e.g. if the URL is https://… Continue reading Is there any way to get a unicode character that has a byte of 23?
I am pentesting an API which makes a backend call to https://example.org/ and appends any input you provide it (for example, if you provide test it will call https://example.org/test). I am trying to achieve SSRF in this scenario, so my go… Continue reading Hijacking URL that ends with a trailing slash
Amazon Simple Storage Service, or S3, is a popular service that many developers today rely on to quickly build applications. Over time, S3 has become a popular target for attackers, resulting in a large number of data leaks. Most of them, such as the … Continue reading Understanding and Preventing S3 Leaks
A webapp has an img tag that partially takes userinput like so:
<img src="/blah/blah/$USERINPUT.jpg">
where the first / is from the root of the domain.
Could there be a vulnerability here? Potentially using ../ and then at… Continue reading Possible SSRF in image tag that takes (partial) user input?
I am currently studying regarding SSRF. I noticed that an injection vector where SSRF might be present is always parameters that is related to url (Importing image using URL, others). I have encountered a couple of endpoints where request … Continue reading SSRF Through Image Url
Researchers went into detail about the discovery and disclosure of 19 security flaws they found in Mercedes-Benz vehicles, which have all been fixed. Continue reading Black Hat 2020: Mercedes-Benz E-Series Rife with 19 Bugs
I recently came across an application that was vulnerable to HTML injection on the invite function. When I insert <img src="image.jpg"> the image got rendered on the mail I received.
I decided to test for blind ssrf out of … Continue reading HTML Injection to blind SSRF testing retrieves only DNS Query
If I have a an application server that uses an implementation of JAX-RS, and is running as *.war file on an Apache Tomcat server, is there anything special that needs to be done or configured to prevent SSRF attacks?
My naive understandin… Continue reading What measures can be taken to prevent Server Side Request Forgery (SSRF) in a JAX-RS Application running on Apache Tomcat?