mirror of https://github.com/0x5t4l1n/hunting.git synced 2026-05-26 19:36:33 +00:00

Files

T

copilot-swe-agent[bot] ba72efbc5e Restructure repository: Remove OWASP categorization, organize by vulnerability type

Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>

2026-01-04 19:01:04 +00:00

README.md

Restructure repository: Remove OWASP categorization, organize by vulnerability type

2026-01-04 19:01:04 +00:00

ssrf-payloads.txt

Restructure repository: Remove OWASP categorization, organize by vulnerability type

2026-01-04 19:01:04 +00:00

README.md

Server-Side Request Forgery (SSRF)

Description

Server-Side Request Forgery (SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing. This can lead to unauthorized access to internal systems, cloud metadata endpoints, or other sensitive resources.

Common Attack Vectors

URL parameters
File upload (via URL)
Webhook endpoints
PDF generators
Image processing services
API integrations

Testing Approach

Submit URLs pointing to internal resources, cloud metadata endpoints, or localhost to test if the application makes requests to those resources.

Payloads

See ssrf-payloads.txt for a comprehensive list of SSRF payloads.