mirror of
https://github.com/0x5t4l1n/hunting.git
synced 2026-05-26 11:35:51 +00:00
ba72efbc5e
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
19 lines
766 B
Markdown
# Server-Side Request Forgery (SSRF)
## Description
Server-Side Request Forgery (SSRF) is a web security vulnerability in which an attacker induces the server-side application to make a request to a location the attacker chooses rather than the one the application intended. Because the request originates from the server, it reaches destinations the attacker cannot reach directly: loopback services, hosts on the internal network, and cloud metadata endpoints (for example `169.254.169.254`). Depending on the client library the application uses, the forged request may not be limited to HTTP. Consequences range from reading internal data and credentials to interacting with internal services.
## Common Attack Vectors
- URL parameters
- File upload (via URL)
- Webhook endpoints
- PDF generators
- Image processing services
- API integrations
## Testing Approach
Submit URLs pointing to loopback (`127.0.0.1`, `localhost`), internal address ranges (`10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`), cloud metadata endpoints (`169.254.169.254`), and a host you control, then check whether the application makes the request. Confirmation comes from the response body, from differences in response time or error messages between reachable and unreachable targets, and from DNS or HTTP callbacks to your own host. Where a blocklist is in place, retry with alternate encodings of the same address (decimal, hex, octal and short IPv4 forms, IPv4-mapped IPv6, a hostname that resolves to the internal address, and `user@host` tricks in the authority part).
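The encodings above work because a validator that compares the host as a string sees `2130706433` or `0x7f.0.0.1` and does not recognise `127.0.0.1`, while the socket layer that performs the fetch does. The following is an added example, not code from this repository: a resolve-then-check validator that interprets the host the way the OS socket layer does (`inet_aton`), follows hostnames to every address they resolve to, and rejects anything that is not a public unicast address. The constructed `FAKE_DNS` table and the `.test` hostnames are assumptions so the demo runs offline; the URL list doubles as a checklist of the payload forms a tester should submit.

```python
"""Added example: resolve-then-check SSRF validator, plus the payload forms it must catch."""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def literal_ip(host):
    """Return an IP address object if `host` is any IP literal the socket layer
    would accept, including the legacy inet_aton forms a string blocklist misses:
    decimal (2130706433), hex (0x7f.0.0.1), octal (0177.0.0.1), short (127.1).
    Returns None for real hostnames."""
    try:
        return ipaddress.IPv4Address(socket.inet_aton(host))  # same parser the fetch uses
    except OSError:
        pass
    try:
        return ipaddress.ip_address(host)                     # IPv6 literals
    except ValueError:
        return None


def is_blocked(ip):
    """True for any address a server-side fetch should never be allowed to reach."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                  # ::ffff:127.0.0.1 -> 127.0.0.1
    return (
        not ip.is_global                     # RFC 1918, loopback, link-local (169.254.x.x), CGNAT
        or ip.is_multicast
        or ip.is_reserved
        or ip.is_unspecified
    )


def system_resolve(host):
    """Default resolver: every address the OS returns for `host`."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def check_url(url, resolve=system_resolve):
    """Decide whether the application may fetch `url`. Returns (allowed, reason).
    `resolve` is injectable so the check can be exercised offline."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    host = parts.hostname                    # brackets stripped, userinfo (user@) removed
    if not host:
        return False, "no host"
    ip = literal_ip(host)
    try:
        targets = [ip] if ip else [ipaddress.ip_address(a) for a in resolve(host)]
    except (OSError, ValueError) as exc:
        return False, f"resolution failed: {exc}"
    for target in targets:
        if is_blocked(target):               # one bad record fails the whole host
            return False, f"{host} -> {target} is not a public address"
    return True, f"{host} -> {', '.join(map(str, targets))}"


# Constructed DNS table so the demo runs offline; these are not real records.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1"],
    "metadata.internal.test": ["169.254.169.254"],   # hostname aliasing the metadata IP
    "dual.test": ["93.184.216.34", "10.0.0.5"],      # one public record, one internal
}


def fake_resolve(host):
    if host not in FAKE_DNS:
        raise OSError(f"NXDOMAIN {host}")
    return FAKE_DNS[host]


# Payload forms from the testing approach; every entry after the first must be blocked.
TEST_URLS = [
    "https://example.com/health",
    "http://127.0.0.1/",
    "http://localhost:8080/",
    "http://2130706433/",                    # decimal 127.0.0.1
    "http://0x7f.0.0.1/",                    # hex
    "http://0177.0.0.1/",                    # octal
    "http://127.1/",                         # short form
    "http://[::1]/",
    "http://[::ffff:127.0.0.1]/",            # IPv4-mapped IPv6
    "http://169.254.169.254/latest/meta-data/",
    "http://metadata.internal.test/",        # resolves to the metadata IP
    "http://example.com@169.254.169.254/",   # userinfo trick; real host follows the '@'
    "http://dual.test/",                     # mixed records
    "file:///etc/passwd",
    "gopher://127.0.0.1:6379/_",
]

if __name__ == "__main__":
    for u in TEST_URLS:
        ok, why = check_url(u, resolve=fake_resolve)
        print(f"{'ALLOW' if ok else 'BLOCK':5} {u:45} {why}")
```

Two caveats for anyone adopting this defensively: the check and the fetch resolve the hostname separately, so a DNS record that changes between the two (DNS rebinding) still reaches the internal address unless the fetch is pinned to the vetted IP; and the validator must see exactly the URL the HTTP client will use, since any normalisation or redirect handled by the client after the check reopens the hole.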
## Payloads
See `ssrf-payloads.txt` for a comprehensive list of SSRF payloads.