OWASP — SSRF
Server-Side Request Forgery
Let's look at one more challenge from the OWASP API Challenges; please read the first post for better context.
Today we will look into Challenge #11, SSRF. Let's dig in.
What is SSRF
Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make requests to an unintended location.
In a typical SSRF attack, the attacker might cause the server to make a connection to internal-only services within the organization’s infrastructure.
Step 1 — Create a service request
Click on Dashboard to contact the mechanic, and then create a service request. As you can see below, the request payload has a mechanic_api field, which is a bit unusual: the client is telling the server which URL to call.
Let's check whether the backend actually requests this URL; if it does, it is a candidate for SSRF.
Step 2 — Request a third-party URL
Open Postman or curl and modify the request parameter mechanic_api to point at another location. Here I have used my own website, property-dashboard.link, but you can try any other URL, such as google.com.
And voilà: in the response above, response_from_mechanic_api contains an HTML snippet. Unescape it and open it as HTML, and you can clearly see that the response came from the URL you supplied in the request parameter. The backend fetched an arbitrary, client-chosen URL on the client's behalf, which is exactly the SSRF behaviour defined above.
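The fix belongs on the server: it must not fetch whatever URL the client names in mechanic_api. As an added example (not crAPI's code and not from the original post), here is a Python check that would reject every mechanic_api value used above and accept only https URLs to an allowlisted host that resolves to public addresses; the host name and the injectable resolver are assumptions for this example.

```python
"""Allowlist validation for a client-supplied callback URL such as crAPI's
mechanic_api parameter. Added example; host names and resolver are
assumptions, not crAPI's own code."""
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical set of approved mechanic back-ends (assumption for this example).
ALLOWED_MECHANIC_HOSTS = {"mechanic.example.internal"}


def _default_resolver(host):
    """Return every IPv4/IPv6 address the host name resolves to."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def is_safe_mechanic_api_url(url, allowed_hosts=ALLOWED_MECHANIC_HOSTS,
                             resolver=_default_resolver):
    """True only if url is an https URL whose host is allowlisted and
    resolves exclusively to globally routable addresses. Other schemes,
    embedded credentials, unknown hosts and internal ranges are rejected."""
    try:
        parts = urlsplit(url)
    except ValueError:            # malformed URL, e.g. unbalanced IPv6 brackets
        return False
    if parts.scheme != "https" or parts.username or parts.password:
        return False
    host = parts.hostname        # already lower-cased, port and userinfo stripped
    if not host or host not in allowed_hosts:
        return False
    # Defence in depth: an allowlisted name must still not resolve to
    # loopback, link-local (cloud metadata), private or other non-global ranges.
    try:
        addrs = resolver(host)
    except OSError:
        return False
    if not addrs:
        return False
    for addr in addrs:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return False
        if not ip.is_global:
            return False
    return True
```

A stricter design drops the URL parameter entirely and lets the client send only an opaque mechanic identifier that the server maps to a fixed internal address.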
If you enjoyed this article, please follow me on Twitter, I write about Tech & Fitness