0x5t4l1n/hunting
1
0
Fork 0
mirror of https://github.com/0x5t4l1n/hunting.git synced 2026-05-26 11:35:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add comprehensive OWASP Top 10 directory structure with injection payloads

Browse Source 
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-01-04 18:24:32 +00:00
parent ef35e279c7
commit ab9c127df3
28 changed files with 1240 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
OWASP-Top-10/A10-Server-Side-Request-Forgery/README.md
+15
View File
@@ -0,0 +1,15 @@
# A10 - Server-Side Request Forgery (SSRF)
## Description
SSRF flaws occur whenever a web application is fetching a remote resource without validating the user-supplied URL. It allows an attacker to coerce the application to send a crafted request to an unexpected destination, even when protected by a firewall, VPN, or another type of network access control list (ACL).
## Common Vulnerabilities
- Unvalidated URL parameters
- Internal network scanning
- Cloud metadata access
- Local file access via URL schemes
- Port scanning
- Service enumeration
## Testing Approach
Test URL parameters, file upload functionalities, and any feature that fetches external resources. Attempt to access internal resources, cloud metadata endpoints, and local services.