Port scanning with SSRF
The endpoint appears to be vulnerable to Server Side Request Forgery attack. The original request was replayed by replacing the URI parameter with some of the popular ports. The application responded with 2XX success code indicating that the port is open.
Server Side Request Forgery (SSRF)
How this template works
The API selection filters in this template are used to filter requests based on specific criteria. In this case, the filters are checking if the request payload or query parameter contains the string "http". If the condition is met, the request will be selected for further processing.
The execute section of the template specifies the actions to be performed on the selected requests. In this case, the template modifies the query parameter and body parameter of the selected requests by replacing the "url_key" with the values specified in the "filePaths" word list.
The validation section defines the criteria for validating the response of the executed requests. It checks if the response code is between 200 and 299 (indicating a successful response) and if the response payload matches any of the provided regular expressions. If the validation criteria are met, the request is considered successful.
Frequently asked questions
What is the purpose of this test
How does SSRF vulnerability occur
What are some modern concepts that make SSRF more common and dangerous
Why is it challenging to limit outbound traffic from modern applications
What are the potential impacts of successful exploitation of SSRF vulnerability
How can developers protect against SSRF attacks