mirror of
https://github.com/0x5t4l1n/hunting.git
synced 2026-05-26 11:35:51 +00:00
copilot-swe-agent[bot]
ab9c127df3
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
16 lines
759 B
Markdown
16 lines
759 B
Markdown
# A10 - Server-Side Request Forgery (SSRF)
|
|
|
|
## Description
|
|
SSRF flaws occur whenever a web application is fetching a remote resource without validating the user-supplied URL. It allows an attacker to coerce the application to send a crafted request to an unexpected destination, even when protected by a firewall, VPN, or another type of network access control list (ACL).
|
|
|
|
## Common Vulnerabilities
|
|
- Unvalidated URL parameters
|
|
- Internal network scanning
|
|
- Cloud metadata access
|
|
- Local file access via URL schemes
|
|
- Port scanning
|
|
- Service enumeration
|
|
|
|
## Testing Approach
|
|
Test URL parameters, file upload functionalities, and any feature that fetches external resources. Attempt to access internal resources, cloud metadata endpoints, and local services.
|