Server Side Request Forgery


Description

The application is vulnerable to server side request forgery. Server side request forgery occurs when an application passes a URL that contains user-controlled data to the server, and the server then makes a request to that URL. An attacker can manipulate the URL and cause the server to make requests to internal resources that are not available on the Internet. An attacker can use server side request forgery to abuse trust relationships, exfiltrate sensitive data, and perform unauthorized actions on internal resources.

Impact

An attacker who can control requests made by a server can conduct a number of attacks against other servers. By manipulating a URL and having requests go through a server, the attacker may be able to abuse trust relationships to bypass firewall rules or IP whitelisting, for example. Triggering requests through a server can also be used to port scan the internal environment in order to map the network and discover internal services. Services that are available internally may be accessible to an attacker through server side request forgery. If a database exposes an interface internally over HTTP, an attacker may be able to extract data depending on whether authentication is enabled. An attacker may be able to interact with an internal-only API by making HTTP requests through the manipulated URL. In other cases, the file URI scheme (file://) may be used to retrieve files from servers on the internal network.
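A server-side check that refuses the destinations described above (internal addresses and non-HTTP schemes such as file://) could look like the following. This is an added example, not part of the original finding; the function names, the hostnames and the `SAMPLE_DNS` table are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # file:// and every other scheme is refused

# Constructed sample data standing in for DNS so the example runs offline.
SAMPLE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "intranet.example.com": ["10.0.5.20"],
    "mixed.example.com": ["93.184.216.34", "127.0.0.1"],
}

def sample_resolver(host):
    return SAMPLE_DNS[host]  # KeyError for names not in the sample table

def system_resolver(host):
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def is_internal(addr_text):
    try:
        ip = ipaddress.ip_address(addr_text)
    except ValueError:
        return True  # unparseable address: fail closed
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d by its IPv4 address
    return not ip.is_global or ip.is_multicast

def check_outbound_url(url, resolver=system_resolver):
    """Return (allowed, reason, addresses) for a user-supplied URL."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False, "malformed URL", []
    if parts.scheme not in ALLOWED_SCHEMES or not host:
        return False, "scheme or host not allowed", []
    try:
        addrs = [str(ipaddress.ip_address(host))]  # IP literal: no lookup
    except ValueError:
        try:
            addrs = list(resolver(host))
        except (OSError, KeyError):
            return False, "host did not resolve", []
    if not addrs or any(is_internal(a) for a in addrs):
        return False, "resolves to an internal address", []
    # Connect to these addresses; resolving the name again could differ.
    return True, "ok", addrs
```

The check has to be repeated for every redirect the server follows, since a permitted URL can redirect to a refused one.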

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References

 
