handbook/tools/3.Web-Hacking/4.Injection/SSRF/Notes/4.Blind-SSRF.md


## Blind SSRF

- Cannot see the back-end request
- Harder to exploit but can lead to full RCE

Finding the Hidden Attack Surface
- Partial URLs in Requests
- URLs within data formats
	- Example is the XML data format
	- If an application parses XML data it might be vulnerable to an XXE injection
- SSRF via the Referer Header
	- Can exploit server-side analytic software that tracks visitors
	- Analytic software will often visit any 3rd party URL that appears in the Referer header
	- Can exploit the application by editing the referer header for a malicious site or code
vault backup: 2024-08-31 01:07:21 2024-08-30 23:07:22 +00:00
			`## Blind SSRF`

			`- Cannot see the back-end request`
			`- Harder to exploit but can lead to full RCE`

			`Finding the Hidden Attack Surface`
			`- Partial URLs in Requests`
			`- URLs within data formats`
			`- Example is the XML data format`
			`- If an application parses XML data it might be vulnerable to an XXE injection`
			`- SSRF via the Referer Header`
			`- Can exploit server-side analytic software that tracks visitors`
			`- Analytic software will often visit any 3rd party URL that appears in the Referer header`
			`- Can exploit the application by editing the referer header for a malicious site or code`