/cyb/ - cyberpunk and cybersecurity

low life. high tech. anonymity. privacy. security.
Kalyx ######


File: 1524101149381.png (103.51 KB, 1454x604, image2.png)

 No.2701

Hi Alice,

I'm here today to talk about Server-Side Request Forgery (SSRF). SSRF occurs when a web application contains some functionality where the application makes an outbound request for which the attacker controls the destination. This can vary from banner grabs to full HTTP requests. An interesting example is a researcher pivoting into NIPRNET via SSRF: https://medium.com/bugbountywriteup/piercing-the-veil-server-side-request-forgery-to-niprnet-access-c358fd5e249a

The impact of SSRF is contextual, but potentially being able to pivot into an internal network, unreachable from the internet, opens up a whole new attack surface.

There is a longer article about it here: https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/

(Use Tor if you want to follow along)
However, examples are always best. Let's use a googledork like the following: "inurl:proxy ext:php "miniproxy""

Miniproxy (http://joshdick.github.io/miniProxy/) is a PHP proxy that is vulnerable to SSRF out of the box.

From the first page of Google, we see two Miniproxy instances:
https://echo534.server4you.de/proxy/index2.php
https://atomicmc.tk/proxy.php

To test for SSRF, let's input a value such as 'http://localhost/server-status'. Apache's mod_status (https://httpd.apache.org/docs/2.4/mod/mod_status.html) provides a useful page that lists some server details, plus all HTTP requests to the server. Very often, sensitive information is disclosed by GET requests within Apache's server-status. While this page is normally inaccessible from the internet, we are able to exploit SSRF to issue the request from the webserver itself and return the content, bypassing this restriction:
https://echo534.server4you.de/proxy/index2.php?HTTP://localhost/server-status
https://atomicmc.tk/proxy.php?http://localhost/server-status

Googledorks will reveal plenty of other examples of SSRF live on the internet that you can practice on. Enjoy the ability to view otherwise inaccessible resources and endpoints on a machine's internal network. Hope you've enjoyed this short lesson Alice.
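The root cause in the post above is a proxy that fetches whatever URL it is handed, so a request for `http://localhost/server-status` goes out from the server itself. As an added example (not miniProxy's code and not the poster's), this is the destination gate a hardened fetch-proxy puts in front of the outbound request: it restricts the scheme, resolves the hostname, and rejects any answer that is loopback, private, or link-local. The `resolver` parameter and the sample addresses are assumptions constructed so it can be tested offline.

```python
"""Destination check for a URL-fetching proxy (added example, not miniProxy's own code)."""
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}


def is_public_address(ip):
    """True only for globally routable unicast addresses. Loopback (127/8, ::1),
    RFC 1918 ranges, link-local (169.254/16, where cloud metadata endpoints live),
    multicast and reserved space all come back False."""
    addr = ipaddress.ip_address(ip)
    return addr.is_global and not addr.is_multicast


def resolve(host, resolver=socket.getaddrinfo):
    """Return every A/AAAA answer for host. All of them are checked later: a name
    with one public and one internal record must still be refused."""
    try:
        infos = resolver(host, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_proxy_target(url, resolver=socket.getaddrinfo):
    """Return (allowed, reason). The vulnerable proxy fetches `url` unconditionally;
    the hardened version only fetches when this returns (True, "ok"), and it must
    connect to the IP that was checked here rather than re-resolving the name,
    otherwise a DNS rebinding answer can slip a different address in between."""
    parts = urlparse(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parts.scheme
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL"
    # Literal IP hosts (including [::1]) skip DNS; names are resolved and every answer checked.
    try:
        ips = [str(ipaddress.ip_address(host))]
    except ValueError:
        ips = resolve(host, resolver)
    if not ips:
        return False, "cannot resolve %r" % host
    for ip in ips:
        if not is_public_address(ip):
            return False, "%r resolves to non-public address %s" % (host, ip)
    return True, "ok"
```

With the page's own test input the gate refuses the request before any socket is opened, which is also the point at which a proxy should log the rejected destination for detection.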

 No.2703

What's "forgery" about this?

 No.2767

>>2701
That's so cool, thanks for posting this!
