mirror of https://github.com/0x5t4l1n/hunting.git synced 2026-05-26 11:35:51 +00:00

Files

T

copilot-swe-agent[bot] dbf612f6b1 Fix code review comments: improve formatting and use placeholder values

Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>

2026-01-04 18:26:37 +00:00

README.md

Add comprehensive OWASP Top 10 directory structure with injection payloads

2026-01-04 18:24:32 +00:00

ssrf-payloads.txt

Fix code review comments: improve formatting and use placeholder values

2026-01-04 18:26:37 +00:00

README.md

A10 - Server-Side Request Forgery (SSRF)

Description

SSRF flaws occur whenever a web application is fetching a remote resource without validating the user-supplied URL. It allows an attacker to coerce the application to send a crafted request to an unexpected destination, even when protected by a firewall, VPN, or another type of network access control list (ACL).

Common Vulnerabilities

Unvalidated URL parameters
Internal network scanning
Cloud metadata access
Local file access via URL schemes
Port scanning
Service enumeration

Testing Approach

Test URL parameters, file upload functionalities, and any feature that fetches external resources. Attempt to access internal resources, cloud metadata endpoints, and local services.