Hey folks! What's up? Hope you are doing well. Today I am starting a series on exploiting SSRF, i.e. server-side request forgery. According to my research it's a vast topic, so I will cover it in several parts. I will not waste your time by explaining this vulnerability in depth; you can read about it from here.

Before starting, let me give an overview of this vulnerability. If it is present in an application, you can do a lot of things by escalating it; you can even get remote code execution. I will cover escalation and chaining SSRF with higher-impact vulnerabilities in the next series. The basic things we can do with SSRF are:
Various Attacks Performed By SSRF
- XSPA (IP address of a server behind a proxy) / internal port scanning
- Extracting credentials of AWS/Google Cloud or any other cloud service, which leads to remote code execution
- OS command injection
- XSS??? Hell yesssssss
- Attacks on website services using URL schemes such as gopher, dict, ftp, etc.

During my research I found only these; if you know any others besides them, let me know in the comment section. Now let's discuss where we can find this vulnerability. I will show practical vulnerability testing in the next article. In this article I will cover how we can identify this vulnerability.

Finding An SSRF Vulnerability In A Web Application

Well, there are a lot of ways and techniques to exploit an SSRF bug, but where to test for an SSRF vulnerability is what I will demonstrate in this article. The main reason SSRF is exploitable is untrusted input in the application. I divided SSRF into three parts according to their impact:

- SSRF via untrusted input: Exploiting this kind of SSRF is going to be fun, because it mostly leads to internal file disclosure, which leads to remote code execution. We can also do internal port scanning, XSS and protocol attacks by exploiting this type of SSRF.
- Blind SSRF: This type of SSRF is hard to exploit because, unlike normal SSRF, we can't see the result of the exploitation, so we use Burp Collaborator or ngrok to detect and exploit this type of SSRF.

There are many types of SSRF under different names. I divided them into two types for my own research purposes and for the sake of understanding, and I include all the chaining stuff in these two methods. I will cover everything (OS command injection, protocol attacks via SSRF, stealing credentials to obtain RCE, internal port scanning, XSS via SSRF), basically all about exploitation, in the next part.