0x5t4l1n/hunting
1
0
Fork 0
mirror of https://github.com/0x5t4l1n/hunting.git synced 2026-05-26 19:36:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
31f716671f5e92ffc8f557fb5918988052d7ec15
hunting/OWASP-Top-10/A10-Server-Side-Request-Forgery/README.md
T
copilot-swe-agent[bot] ab9c127df3 Add comprehensive OWASP Top 10 directory structure with injection payloads 
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
2026-01-04 18:24:32 +00:00

759 B
Raw Blame History

A10 - Server-Side Request Forgery (SSRF)

Description

SSRF flaws occur whenever a web application is fetching a remote resource without validating the user-supplied URL. It allows an attacker to coerce the application to send a crafted request to an unexpected destination, even when protected by a firewall, VPN, or another type of network access control list (ACL).

Common Vulnerabilities

  • Unvalidated URL parameters
  • Internal network scanning
  • Cloud metadata access
  • Local file access via URL schemes
  • Port scanning
  • Service enumeration

Testing Approach

Test URL parameters, file upload functionalities, and any feature that fetches external resources. Attempt to access internal resources, cloud metadata endpoints, and local services.

Reference in New Issue View Git Blame Copy Permalink