15 lines
588 B
Markdown
15 lines
588 B
Markdown
|
|
## Blind SSRF
|
|
|
|
- Cannot see the back-end request
|
|
- Harder to exploit but can lead to full RCE
|
|
|
|
Finding the Hidden Attack Surface
|
|
- Partial URLs in Requests
|
|
- URLs within data formats
|
|
- Example is the XML data format
|
|
- If an application parses XML data it might be vulnerable to an XXE injection
|
|
- SSRF via the Referer Header
|
|
- Can exploit server-side analytic software that tracks visitors
|
|
- Analytic software will often visit any 3rd party URL that appears in the Referer header
|
|
- Can exploit the application by editing the referer header for a malicious site or code |