mirror of
https://github.com/0x5t4l1n/hunting.git
synced 2026-05-26 19:36:33 +00:00
Restructure repository: Remove OWASP categorization, organize by vulnerability type
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
@@ -0,0 +1,18 @@
|
||||
# Server-Side Request Forgery (SSRF)
|
||||
|
||||
## Description
|
||||
Server-Side Request Forgery (SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing. This can lead to unauthorized access to internal systems, cloud metadata endpoints, or other sensitive resources.
|
||||
|
||||
## Common Attack Vectors
|
||||
- URL parameters
|
||||
- File upload (via URL)
|
||||
- Webhook endpoints
|
||||
- PDF generators
|
||||
- Image processing services
|
||||
- API integrations
|
||||
|
||||
## Testing Approach
|
||||
Submit URLs pointing to internal resources, cloud metadata endpoints, or localhost to test if the application makes requests to those resources.
|
||||
|
||||
## Payloads
|
||||
See `ssrf-payloads.txt` for a comprehensive list of SSRF payloads.
|
||||
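Review bot: The Payloads section at the end of this hunk points to `ssrf-payloads.txt`, but that file is not in the visible change. Confirm it lands in the same directory as this README in this commit, and make the reference a relative link so it does not dangle after the restructure. In the Description, "an arbitrary domain" is narrower than what Testing Approach covers (internal resources, cloud metadata endpoints, localhost); "an arbitrary destination" would keep the two sections consistent. Testing Approach is a single sentence that says what to submit but not how to tell that the server actually made the request, so a line on what counts as confirmation would help. The README would be more useful for writing up findings with a short remediation section, for example allow-listing outbound destinations and blocking private and link-local ranges.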